lockbit | Build[.]7z

Sharing

Copy URL

Twitter E-mail

General

Target

Build.7z
Size

468KB
MD5

4b25a3c2a802a67f95258579bdb9e5e4
SHA1

b0cda3601759ab31dd713e5d8dc64e71805fbd67
SHA256

1da5db573fd3cb8b02537c09367e6c1ab0a1c0afda05fa642f4763be780d1c6e
SHA512

c0a4cfc9e5602d5bbf564717aba5b436fafff0a56d633ea034e9c52177323e259728341394c4996fd106c68536cca89026cf38ed791a1f426f3c87979cafe80f
SSDEEP

6144:uVCyPVhXs4xGjut/k4Ghfe8gaKJ1tZpmAOy777Aw4RYvadNH1wh4y3ePWb3C9ezP:vUhXlGUKhKTtfOy7A1Eav2f3XTC9ek7w

Score

10^/10

lockbit

Malware Config

Signatures

Lockbit family
lockbit

Rule to detect Lockbit 3.0 ransomware Windows payload 3 IoCs

resource	yara_rule
static1/unpack001/LB3.exe	family_lockbit
static1/unpack001/LB3_Rundll32_pass.dll	family_lockbit
static1/unpack001/LB3_pass.exe	family_lockbit

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/LB3.exe
unpack001/LB3Decryptor.exe
unpack001/LB3_ReflectiveDll_DllMain.dll
unpack001/LB3_Rundll32.dll
unpack001/LB3_Rundll32_pass.dll
unpack001/LB3_pass.exe

Files

Build.7z
.7z
DECRYPTION_ID.txt
LB3.exe
.exe windows:5 windows x86 arch:x86

41fb8cb2943df6de998b35a9d28668e8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

SetPixel
SetDCBrushColor
SelectPalette
GetTextColor
GetDeviceCaps
CreateSolidBrush

user32

DefWindowProcW
CreateMenu
EndDialog
GetDlgItem
GetKeyNameTextW
GetMessageW
GetWindowTextW
IsDlgButtonChecked
LoadImageW
LoadMenuW
DialogBoxParamW

kernel32

SetLastError
LoadLibraryW
GetTickCount
GetLastError
GetCommandLineW
GetCommandLineA
FreeLibrary

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LB3Decryptor.exe
.exe windows:5 windows x86 arch:x86

4585cfc85e0cd554d6b5d4bf1bb3d5e4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

EnableWindow
DialogBoxParamW
SetDlgItemInt
SetSysColors
SetTimer
SetWindowPos
SetWindowTextW
SystemParametersInfoW
EndDialog
SendMessageW
MessageBoxW
LoadIconW
KillTimer
GetDlgItem

kernel32

WriteFile
WriteConsoleW
WaitForSingleObject
WaitForMultipleObjects
Sleep
SetThreadPriority
SetFilePointerEx
CloseHandle
CreateFileW
CreateIoCompletionPort
CreateThread
DeleteFileW
ExitProcess
FindClose
FindFirstFileExW
FindNextFileW
FlushConsoleInputBuffer
GetCommandLineW
GetConsoleWindow
GetDriveTypeW
GetExitCodeThread
GetFileAttributesW
GetFileSize
GetFileSizeEx
GetLogicalDriveStringsW
GetModuleHandleW
GetProcAddress
GetQueuedCompletionStatus
GetStdHandle
GlobalFree
HeapSetInformation
InterlockedIncrement
IsBadReadPtr
MoveFileExW
PostQueuedCompletionStatus
ReadFile
ResumeThread
SetConsoleTextAttribute
SetConsoleTitleW
SetEndOfFile
SetFileAttributesW

comctl32

InitCommonControls

shell32

SHGetSpecialFolderPathW
CommandLineToArgvW
SHChangeNotify
DragQueryFileW

msvcrt

wcslen
wcsrchr
_getch
_kbhit
_wcsicmp
memcpy
memmove
memset
swprintf
wcscat
wcscpy

advapi32

MD5Update
MD5Init
MD5Final
ConvertSidToStringSidW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW

ntdll

RtlDeleteCriticalSection
RtlDestroyHeap
RtlCreateHeap
RtlFreeHeap
RtlInitializeCriticalSection
RtlLeaveCriticalSection
RtlReAllocateHeap
NtClose
RtlAllocateHeap
RtlAdjustPrivilege
NtTerminateThread
NtSetInformationThread
NtSetInformationProcess
NtQuerySystemInformation
NtQueryInformationToken
NtOpenProcessToken
NtOpenProcess
NtDuplicateToken
RtlEnterCriticalSection

shlwapi

PathFindFileNameW
PathIsDirectoryEmptyW
PathFindExtensionW
PathFileExistsW
PathIsNetworkPathW
PathIsDirectoryW
PathRemoveFileSpecW
PathAppendW

mpr

WNetAddConnection2W
WNetGetUniversalNameW

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LB3_ReflectiveDll_DllMain.dll
.dll windows:5 windows x86 arch:x86

b1826e7d9522633dc1f4953f25424ce3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

gdi32

CreateDIBitmap
TextOutW
SetTextColor
SetDCBrushColor
GetTextColor
GetTextCharset
GetPixel
BitBlt

user32

CreateDialogParamW
CreateWindowExW
DialogBoxParamW
GetDlgItem
GetDlgItemTextW
GetKeyNameTextW
LoadImageW

kernel32

GetTickCount
SetLastError
LoadLibraryW
LoadLibraryExA
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetLastError

Sections

.text
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LB3_Rundll32.dll
.dll windows:5 windows x86 arch:x86

b750c147c0bcc8b349e4f1143ac1432e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

gdi32

GetDeviceCaps
SetTextColor
SetPixel
SetDCBrushColor
GetTextMetricsW
GetTextCharset
CreateDIBitmap

user32

CreateMenu
DialogBoxParamW
GetDlgItemTextW
IsDlgButtonChecked

kernel32

GetTickCount
GetProcAddress
GetModuleHandleA
GetLastError
GetCommandLineW
GetCommandLineA
FreeLibrary

Exports

Exports

del
gdel
gdll
gmod
pmod
sdll
wdll

Sections

.text
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LB3_Rundll32_pass.dll
.dll windows:5 windows x86 arch:x86

b750c147c0bcc8b349e4f1143ac1432e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

gdi32

GetDeviceCaps
SetTextColor
SetPixel
SetDCBrushColor
GetTextMetricsW
GetTextCharset
CreateDIBitmap

user32

CreateMenu
DialogBoxParamW
GetDlgItemTextW
IsDlgButtonChecked

kernel32

GetTickCount
GetProcAddress
GetModuleHandleA
GetLastError
GetCommandLineW
GetCommandLineA
FreeLibrary

Exports

Exports

del
gdel
gdll
gmod
pmod
sdll
wdll

Sections

.text
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.itext
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
LB3_pass.exe
.exe windows:5 windows x86 arch:x86

41fb8cb2943df6de998b35a9d28668e8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

SetPixel
SetDCBrushColor
SelectPalette
GetTextColor
GetDeviceCaps
CreateSolidBrush

user32

DefWindowProcW
CreateMenu
EndDialog
GetDlgItem
GetKeyNameTextW
GetMessageW
GetWindowTextW
IsDlgButtonChecked
LoadImageW
LoadMenuW
DialogBoxParamW

kernel32

SetLastError
LoadLibraryW
GetTickCount
GetLastError
GetCommandLineW
GetCommandLineA
FreeLibrary

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.itext
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Password_dll.txt
Password_exe.txt
priv.key
pub.key

Sharing

General

Malware Config

Signatures

Files

41fb8cb2943df6de998b35a9d28668e8

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

user32

kernel32

Sections

.text Size: 95KB - Virtual size: 95KB

.itext Size: 1KB - Virtual size: 1KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 40KB - Virtual size: 43KB

.pdata Size: 2KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

4585cfc85e0cd554d6b5d4bf1bb3d5e4

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

comctl32

shell32

msvcrt

advapi32

ntdll

shlwapi

mpr

Sections

.text Size: 17KB - Virtual size: 16KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 2KB - Virtual size: 4KB

.data Size: 8KB - Virtual size: 8KB

.rsrc Size: 22KB - Virtual size: 21KB

.reloc Size: 1024B - Virtual size: 792B

b1826e7d9522633dc1f4953f25424ce3

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

user32

kernel32

Sections

.text Size: 68KB - Virtual size: 68KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 23KB - Virtual size: 24KB

.pdata Size: 2KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 2KB

b750c147c0bcc8b349e4f1143ac1432e

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

user32

kernel32

Exports

Exports

Sections

.text Size: 93KB - Virtual size: 93KB

.itext Size: 2KB - Virtual size: 1KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 40KB - Virtual size: 43KB

.pdata Size: 2KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

b750c147c0bcc8b349e4f1143ac1432e

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

user32

kernel32

.text
Size: 95KB - Virtual size: 95KB

.itext
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 40KB - Virtual size: 43KB

.pdata
Size: 2KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 17KB - Virtual size: 16KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 2KB - Virtual size: 4KB

.data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 22KB - Virtual size: 21KB

.reloc
Size: 1024B - Virtual size: 792B

.text
Size: 68KB - Virtual size: 68KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 23KB - Virtual size: 24KB

.pdata
Size: 2KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 2KB

.text
Size: 93KB - Virtual size: 93KB

.itext
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 40KB - Virtual size: 43KB

.pdata
Size: 2KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 93KB - Virtual size: 93KB

.itext
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 40KB - Virtual size: 43KB

.pdata
Size: 2KB - Virtual size: 1KB

.text
Size: 95KB - Virtual size: 95KB

.itext
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 40KB - Virtual size: 43KB

.pdata
Size: 2KB - Virtual size: 1KB