Behavioral task
behavioral1
Sample
LockBit3 RansomWare.rar
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
LockBit3 RansomWare.rar
Resource
win10v2004-20240704-en
General
-
Target
LockBit3 RansomWare.rar
-
Size
158KB
-
MD5
348a1ec2197db2ed8fd1034fc2ed5282
-
SHA1
e32bbdef3415a59ffbbd53648071c67404d26a7e
-
SHA256
38a71ff442d943f02a32b4e909a7359b003d6c5872cc5f5dfa470fb0ece3d976
-
SHA512
6762a5c1500afd0b4ac57b6005c2326d1e7ba16118a4d2a537fa847dd856ae079b83c58550e40718ef0fbc8e864e65a0eb95fb0bd6d5eb1b6b40c73a1f5b153a
-
SSDEEP
3072:DZdYx2XkOVpXxWzyutmYS1SzeAhITgt3JpNjIB9rvzcsEK626ZLN3M:DfM23hoBS15AiTgtf9ervYT926ZL+
Malware Config
Extracted
blackmatter
65.239
Signatures
-
Blackmatter family
-
Lockbit family
-
Rule to detect Lockbit 3.0 ransomware Windows payload 1 IoCs
resource yara_rule static1/unpack001/LockBit3 RansomWare/builder.exe family_lockbit -
Unsigned PE 2 IoCs
Checks for missing Authenticode signature.
resource unpack001/LockBit3 RansomWare/builder.exe unpack001/LockBit3 RansomWare/keygen.exe
Files
-
LockBit3 RansomWare.rar.rar
-
LockBit3 RansomWare/Build.bat
-
LockBit3 RansomWare/builder.exe.exe windows:5 windows x86 arch:x86
d2e26e45dcb84f1062f90f29a9cf0faa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
user32
MessageBoxW
kernel32
LoadResource
WriteFile
CreateFileW
ExitProcess
FindResourceW
GetCommandLineW
GetFileSize
GetModuleHandleW
GlobalFree
SizeofResource
LockResource
ReadFile
shell32
CommandLineToArgvW
msvcrt
_wcsicmp
memcpy
memset
sprintf
strchr
strcpy
strlen
strstr
wcscat
wcscpy
wcslen
wcsrchr
localeconv
_stricmp
_strcmpi
tolower
realloc
malloc
free
strtod
strncmp
imagehlp
CheckSumMappedFile
ntdll
RtlFreeHeap
RtlAllocateHeap
NtClose
RtlImageNtHeader
Sections
.text Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 439KB - Virtual size: 438KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
LockBit3 RansomWare/config.json
-
LockBit3 RansomWare/keygen.exe.exe windows:5 windows x86 arch:x86
73eeda700d0a0376845c61c44155f4a8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
user32
wsprintfA
kernel32
GetCurrentDirectoryW
WriteFile
CloseHandle
CreateFileW
ExitProcess
GetCommandLineW
GlobalFree
SetCurrentDirectoryW
shell32
CommandLineToArgvW
msvcrt
_wcsicmp
memcpy
memset
free
fputc
exit
calloc
Sections
.text Size: 26KB - Virtual size: 25KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE