LockBit (1)[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

LockBit (1).rar
Size

3.0MB
MD5

f609b57eb9d64194112786c5411c8f2e
SHA1

841b0eb93a9be59d4a4468330e915504ee9a5aee
SHA256

f2363a572a7d408e1ea2a04fd2f5a23cd7c42db67d5111bf9a7541ab9f005ec9
SHA512

577c83c0113d64d02e549661daade9e6d8bdd5360cc01d5d02325dd167f02fd3900ee186f8dabe9a5a250e2fc4a44ebb82ef136f4e0177b1b64c2d18f6835b41
SSDEEP

98304:atRx753lm2dF+2dFdE2dFPINGokC8FH8NZjvN:atRxFlmeF+eF+eFwN4VQZjvN

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Debug/decryptor.exe
unpack001/Release/decryptor.exe
unpack001/builder.exe
unpack001/decryptor/decryptor.exe

Files

LockBit (1).rar
.rar
Debug/decryptor.exe
.exe windows:6 windows x86 arch:x86

73011e4ba8dc0b0dfec2e41202c785bd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

ExtractIconExA
ord137

user32

CallMsgFilterA

advapi32

AreAnyAccessesGranted

kernel32

GetProcessHeap
SetStdHandle
HeapSize
CreateFileW
UnhandledExceptionFilter
FreeConsole
CloseHandle
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
WideCharToMultiByte
LCMapStringEx
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
GetStringTypeW
GetCPInfo
IsProcessorFeaturePresent
WriteConsoleW
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
SetEnvironmentVariableW
RaiseException
RtlUnwind
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
ReadFile
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW

Sections

.text
Size: 141KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 460KB - Virtual size: 463KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Debug/decryptor.ilk
Debug/decryptor.pdb
Release/R3ADM3.txt
Release/decryptor.exe
.exe windows:6 windows x86 arch:x86

73011e4ba8dc0b0dfec2e41202c785bd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

ExtractIconExA
ord137

user32

CallMsgFilterA

advapi32

AreAnyAccessesGranted

kernel32

GetProcessHeap
SetStdHandle
HeapSize
CreateFileW
UnhandledExceptionFilter
FreeConsole
CloseHandle
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
WideCharToMultiByte
LCMapStringEx
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
GetStringTypeW
GetCPInfo
IsProcessorFeaturePresent
WriteConsoleW
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
SetEnvironmentVariableW
RaiseException
RtlUnwind
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
ReadFile
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW

Sections

.text
Size: 141KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 460KB - Virtual size: 463KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Release/decryptor.iobj
Release/decryptor.ipdb
Release/decryptor.pdb
builder.exe
.exe windows:6 windows x86 arch:x86

73011e4ba8dc0b0dfec2e41202c785bd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

ExtractIconExA
ord137

user32

CallMsgFilterA

advapi32

AreAnyAccessesGranted

kernel32

GetProcessHeap
SetStdHandle
HeapSize
CreateFileW
UnhandledExceptionFilter
FreeConsole
CloseHandle
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
WideCharToMultiByte
LCMapStringEx
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
GetStringTypeW
GetCPInfo
IsProcessorFeaturePresent
WriteConsoleW
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
SetEnvironmentVariableW
RaiseException
RtlUnwind
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
ReadFile
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW

Sections

.text
Size: 141KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 460KB - Virtual size: 463KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
builder/builder.vcxproj
.xml
builder/builder.vcxproj.filters
builder/builder.vcxproj.user
decryptor/decryptor.exe
.exe windows:6 windows x86 arch:x86

73011e4ba8dc0b0dfec2e41202c785bd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

ExtractIconExA
ord137

user32

CallMsgFilterA

advapi32

AreAnyAccessesGranted

kernel32

GetProcessHeap
SetStdHandle
HeapSize
CreateFileW
UnhandledExceptionFilter
FreeConsole
CloseHandle
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
WideCharToMultiByte
LCMapStringEx
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
GetStringTypeW
GetCPInfo
IsProcessorFeaturePresent
WriteConsoleW
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
SetEnvironmentVariableW
RaiseException
RtlUnwind
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
ReadFile
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW

Sections

.text
Size: 141KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 460KB - Virtual size: 463KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
decryptor/decryptor.ilk
decryptor/decryptor.pdb
locker/Debug/locker.Build.CppClean.log
locker/Debug/locker.log
locker/Debug/vc142.idb
locker/Debug/vc142.pdb
locker/GetApi.h
locker/MetaRandom2.h
locker/MetaString.h
locker/Release/locker.Build.CppClean.log
locker/Release/locker.log
locker/Release/vc140.pdb
locker/antihook/antihooks.h
locker/api.h
locker/chacha20/chacha.c
locker/chacha20/chacha.h
locker/chacha20/ecrypt-config.h
locker/chacha20/ecrypt-machine.h
locker/chacha20/ecrypt-portable.h
locker/chacha20/ecrypt-sync.h
locker/common.h
locker/filesystem.h
locker/global_parameters.h
locker/hash.h
locker/locker.h
locker/locker.vcxproj
.xml
locker/locker.vcxproj.filters
locker/locker.vcxproj.user
locker/logs.h
locker/memory.h
locker/network_scanner.h
locker/ntdll.h
locker/process_killer.h
locker/queue.h
locker/threadpool.h

Sharing

General

Malware Config

Signatures

Files

73011e4ba8dc0b0dfec2e41202c785bd

Headers

DLL Characteristics

File Characteristics

Imports

shell32

user32

advapi32

kernel32

Sections

.text Size: 141KB - Virtual size: 140KB

.rdata Size: 53KB - Virtual size: 53KB

.data Size: 460KB - Virtual size: 463KB

.reloc Size: 7KB - Virtual size: 6KB

73011e4ba8dc0b0dfec2e41202c785bd

Headers

DLL Characteristics

File Characteristics

Imports

shell32

user32

advapi32

kernel32

Sections

.text Size: 141KB - Virtual size: 140KB

.rdata Size: 53KB - Virtual size: 53KB

.data Size: 460KB - Virtual size: 463KB

.reloc Size: 7KB - Virtual size: 6KB

73011e4ba8dc0b0dfec2e41202c785bd

Headers

DLL Characteristics

File Characteristics

Imports

shell32

user32

advapi32

kernel32

Sections

.text Size: 141KB - Virtual size: 140KB

.rdata Size: 53KB - Virtual size: 53KB

.data Size: 460KB - Virtual size: 463KB

.reloc Size: 7KB - Virtual size: 6KB

73011e4ba8dc0b0dfec2e41202c785bd

Headers

DLL Characteristics

File Characteristics

Imports

shell32

user32

advapi32

kernel32

Sections

.text Size: 141KB - Virtual size: 140KB

.rdata Size: 53KB - Virtual size: 53KB

.data Size: 460KB - Virtual size: 463KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 141KB - Virtual size: 140KB

.rdata
Size: 53KB - Virtual size: 53KB

.data
Size: 460KB - Virtual size: 463KB

.reloc
Size: 7KB - Virtual size: 6KB

.text
Size: 141KB - Virtual size: 140KB

.rdata
Size: 53KB - Virtual size: 53KB

.data
Size: 460KB - Virtual size: 463KB

.reloc
Size: 7KB - Virtual size: 6KB

.text
Size: 141KB - Virtual size: 140KB

.rdata
Size: 53KB - Virtual size: 53KB

.data
Size: 460KB - Virtual size: 463KB

.reloc
Size: 7KB - Virtual size: 6KB

.text
Size: 141KB - Virtual size: 140KB

.rdata
Size: 53KB - Virtual size: 53KB

.data
Size: 460KB - Virtual size: 463KB

.reloc
Size: 7KB - Virtual size: 6KB