Behavioral task
behavioral1
Sample
LBLeak/Build.bat
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
LBLeak/Build.bat
Resource
win10v2004-20240704-en
Behavioral task
behavioral3
Sample
LBLeak/builder.exe
Resource
win7-20240704-en
Behavioral task
behavioral4
Sample
LBLeak/builder.exe
Resource
win10v2004-20240704-en
Behavioral task
behavioral5
Sample
LBLeak/keygen.exe
Resource
win7-20240704-en
Behavioral task
behavioral6
Sample
LBLeak/keygen.exe
Resource
win10v2004-20240704-en
General
-
Target
b2c3beda4b000a3d9af0a457d6d942ec81696f3ed485f7cf723b18008a5f3d10
-
Size
139KB
-
MD5
c9c2f3805f0012628e9d62e8f75af4dd
-
SHA1
b6269b1fc8813b93c11ec6066dc33d9f99f2e431
-
SHA256
b2c3beda4b000a3d9af0a457d6d942ec81696f3ed485f7cf723b18008a5f3d10
-
SHA512
ed4cb425807bbef4da92fe9e17b78746e096612e6006521279162379b2fc65f8dec7647e9c5403c6a74e6eb9b61dce7ca1c74c65d77aafbd0719be79cb1d70ff
-
SSDEEP
3072:pYWJsCuSlRODbWhyyZZsZ77n4s31uZzd2ppyMPOLOcrgCz:pbuSlicZyx4W1uLYpyMPOLjhz
Malware Config
Extracted
blackmatter
65.239
Signatures
-
Blackmatter family
-
Lockbit family
-
Rule to detect Lockbit 3.0 ransomware Windows payload 1 IoCs
resource yara_rule static1/unpack001/LBLeak/builder.exe family_lockbit -
Unsigned PE 2 IoCs
Checks for missing Authenticode signature.
resource unpack001/LBLeak/builder.exe unpack001/LBLeak/keygen.exe
Files
-
b2c3beda4b000a3d9af0a457d6d942ec81696f3ed485f7cf723b18008a5f3d10.7z
Password: infected
-
LBLeak/Build.bat
-
LBLeak/builder.exe.exe windows:5 windows x86 arch:x86
d2e26e45dcb84f1062f90f29a9cf0faa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
user32
MessageBoxW
kernel32
LoadResource
WriteFile
CreateFileW
ExitProcess
FindResourceW
GetCommandLineW
GetFileSize
GetModuleHandleW
GlobalFree
SizeofResource
LockResource
ReadFile
shell32
CommandLineToArgvW
msvcrt
_wcsicmp
memcpy
memset
sprintf
strchr
strcpy
strlen
strstr
wcscat
wcscpy
wcslen
wcsrchr
localeconv
_stricmp
_strcmpi
tolower
realloc
malloc
free
strtod
strncmp
imagehlp
CheckSumMappedFile
ntdll
RtlFreeHeap
RtlAllocateHeap
NtClose
RtlImageNtHeader
Sections
.text Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 439KB - Virtual size: 438KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
LBLeak/config.json
-
LBLeak/keygen.exe.exe windows:5 windows x86 arch:x86
73eeda700d0a0376845c61c44155f4a8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
user32
wsprintfA
kernel32
GetCurrentDirectoryW
WriteFile
CloseHandle
CreateFileW
ExitProcess
GetCommandLineW
GlobalFree
SetCurrentDirectoryW
shell32
CommandLineToArgvW
msvcrt
_wcsicmp
memcpy
memset
free
fputc
exit
calloc
Sections
.text Size: 26KB - Virtual size: 25KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE