Behavioral task
behavioral1
Sample
LB3_pass.exe
Resource
win10v2004-20240508-de
General
-
Target
LB3_pass.exe
-
Size
149KB
-
MD5
c2a9916e3c8ce13e982a229525ed621d
-
SHA1
99cf3d733648e0de8e7b1b23f0e490f6f413e5c5
-
SHA256
b2d1570ac866236acba545eca357fe86635531c77f59eb354f46313106ae1a0b
-
SHA512
f661e252c3c2e620c0d5ca07f0e0e8d08c544c3cc1b047660f37a042e2559dfae6e3de75f1786deea3d1a15492d5ad44777638c3b5791c3636c2921c62d7497b
-
SSDEEP
3072:TcJCbD97gShYNmXpisfW6PlVwJc9tbPubxTFq111ZfRCdCX7:Tcobp0ShYiMUWgV40pubdFqdOdCX7
Malware Config
Signatures
-
Lockbit family
-
Rule to detect Lockbit 3.0 ransomware Windows payload 1 IoCs
Processes:
resource yara_rule sample family_lockbit -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource LB3_pass.exe
Files
-
LB3_pass.exe.exe windows:5 windows x86 arch:x86
41fb8cb2943df6de998b35a9d28668e8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
gdi32
SetPixel
SetDCBrushColor
SelectPalette
GetTextColor
GetDeviceCaps
CreateSolidBrush
user32
DefWindowProcW
CreateMenu
EndDialog
GetDlgItem
GetKeyNameTextW
GetMessageW
GetWindowTextW
IsDlgButtonChecked
LoadImageW
LoadMenuW
DialogBoxParamW
kernel32
SetLastError
LoadLibraryW
GetTickCount
GetLastError
GetCommandLineW
GetCommandLineA
FreeLibrary
Sections
.text Size: 95KB - Virtual size: 95KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.itext Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 40KB - Virtual size: 43KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE