2024-05-08_2581871c665f6009301b02c2039ac08a_lockbit | Triage

Sharing

General

Target

2024-05-08_2581871c665f6009301b02c2039ac08a_lockbit
Size

1.3MB
MD5

2581871c665f6009301b02c2039ac08a
SHA1

05810e7c478de68ca697e792ada9373e399b4688
SHA256

032c0974515c0c2d53092ae6b62f4a60e993d5a5d5b7e9940079488e7c1ad5eb
SHA512

a2de5714f0c10cd30f1425f492dddc7b4b3ba54d9eaf0550d5cbc73784a9c202d21bce2910baa57577ec801849130bdb51b908b7307c05d09a37cf2cc8788f67
SSDEEP

24576:3Do2VjeGdAy5vfsM7WqjUJ5yfhIdojf9e0:xIGd694UHdo

Score

10^/10

Malware Config

Signatures

Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM

Detects executables packed with Enigma 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_Enigma

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-08_2581871c665f6009301b02c2039ac08a_lockbit

Files

2024-05-08_2581871c665f6009301b02c2039ac08a_lockbit
.exe windows:5 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 233KB - Virtual size: 250KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 51KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.enigma1
Size: 216KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.enigma2
Size: 696KB - Virtual size: 696KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE