lockbit | LB3_pass[.]exe | Triage

Sharing

General

Target

LB3_pass.exe
Size

149KB
MD5

c2a9916e3c8ce13e982a229525ed621d
SHA1

99cf3d733648e0de8e7b1b23f0e490f6f413e5c5
SHA256

b2d1570ac866236acba545eca357fe86635531c77f59eb354f46313106ae1a0b
SHA512

f661e252c3c2e620c0d5ca07f0e0e8d08c544c3cc1b047660f37a042e2559dfae6e3de75f1786deea3d1a15492d5ad44777638c3b5791c3636c2921c62d7497b
SSDEEP

3072:TcJCbD97gShYNmXpisfW6PlVwJc9tbPubxTFq111ZfRCdCX7:Tcobp0ShYiMUWgV40pubdFqdOdCX7

Score

10^/10

lockbit

Malware Config

Signatures

Lockbit family
lockbit
Rule to detect Lockbit 3.0 ransomware Windows payload 1 IoCs

Processes:

resource yara_rule

sample family_lockbit
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

LB3_pass.exe

Files

LB3_pass.exe
.exe windows:5 windows x86 arch:x86

41fb8cb2943df6de998b35a9d28668e8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

SetPixel
SetDCBrushColor
SelectPalette
GetTextColor
GetDeviceCaps
CreateSolidBrush

user32

DefWindowProcW
CreateMenu
EndDialog
GetDlgItem
GetKeyNameTextW
GetMessageW
GetWindowTextW
IsDlgButtonChecked
LoadImageW
LoadMenuW
DialogBoxParamW

kernel32

SetLastError
LoadLibraryW
GetTickCount
GetLastError
GetCommandLineW
GetCommandLineA
FreeLibrary

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.itext
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE