General
-
Target
7b105aba893b98d1ae293b3096854077d430f071d2801f57d8d5c370b53f1964
-
Size
140KB
-
Sample
240908-b4rl4azdmh
-
MD5
6919bbcaaa9d969309e3f8619a9f4547
-
SHA1
cd33410b0dc50cee29238da544194f8316caea20
-
SHA256
7b105aba893b98d1ae293b3096854077d430f071d2801f57d8d5c370b53f1964
-
SHA512
28b57ac32abaace844225c979312c065b51b671ee86faecc58e925382b3e8c85194542e619115c8af51e87439840a107126ddbc4b04e17dfe5289c8472c8bb38
-
SSDEEP
3072:Ge/p4qavLr9+ycFup+6LZEDlimJriBTNl5c14VWDxqvUq1:GYp47vIIpZEDl7JiBzVWDS
Behavioral task
behavioral1
Sample
LBB_pass.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
LBB_pass.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
l.bat
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
l.bat
Resource
win10v2004-20240802-en
Malware Config
Targets
-
Target
LBB_pass.exe
-
Size
141KB
-
MD5
ecccac5d8de56c9a28b91ab1bda23c16
-
SHA1
20f2811da9b151b34ae7c257ec672a0c1d3f60ee
-
SHA256
336c36746aeee4e0753f5bf90a4429f0e91468ff02ed00c62559ea1e29b333a2
-
SHA512
1e0a5432c382be17f11a4d4772c8d4d3b6359fe90dbb25d250e480a2439cd8d108cb725a64777be3765afdd9ec03b1f7aef3b94c58a45bfc5dc74c8633463c54
-
SSDEEP
3072:OFtQp4qavvr9EycFur+6LZEzHzDkDd0+NiJ5c14VTDxqvUqN:gQp47vGIrZEjzgDd0+6VTDE
Score
10/10
-
Rule to detect Lockbit 3.0 ransomware Windows payload
-
Target
l.bat
-
Size
638B
-
MD5
5b1f0a177a035da3891f91183d77fad7
-
SHA1
282ae07cdd4630e605de19508ed00b86b0932e76
-
SHA256
f66f9834a6085ffda1ffa04dbed6a334719ea92e24c2b0950bef9573cffed015
-
SHA512
145b77756d97a227d967264a4241a9f7984af94a554be28847e2ecd4bc7b628858d0def3d7e665874b1780f9e7a434cc21b86659cf053fa268bdccbf2f8b1f48
Score
10/10
-
Rule to detect Lockbit 3.0 ransomware Windows payload
-
Renames multiple (356) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Deletes itself
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-