lockbit | 8452b0a85e0822cd71de7a5705d7fe65ed541b91 | Triage

Sharing

General

Target

8452b0a85e0822cd71de7a5705d7fe65ed541b91
Size

140KB
MD5

0935ea62f9193d457b4e1956670ec088
SHA1

8452b0a85e0822cd71de7a5705d7fe65ed541b91
SHA256

5506e7c24bfce20c4def5769d38b6089853d6bab3d4186bbe07a4e9572511023
SHA512

92d8960e3223952aaac1c4ea0755d26339d4d114ed6c848137642d1db159b72d82069f369c83dff97e87b552dce4e53137b1d508a1a534c1ce6eacfb54897468
SSDEEP

3072:ZeDMfTwrNnlo2Og7UPXBJCg0cUZrnkBDV8hY5ZNgyrIBW:CMf8r/d7UvvCDvFkBDV82eII0

Score

10^/10

lockbit

Malware Config

Signatures

Lockbit family
lockbit
Rule to detect Lockbit 3.0 ransomware Windows payload 1 IoCs

Processes:

resource yara_rule

sample family_lockbit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
8452b0a85e0822cd71de7a5705d7fe65ed541b91

Files

8452b0a85e0822cd71de7a5705d7fe65ed541b91
.dll windows:5 windows x86 arch:x86

b750c147c0bcc8b349e4f1143ac1432e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

gdi32

GetDeviceCaps
SetTextColor
SetPixel
SetDCBrushColor
GetTextMetricsW
GetTextCharset
CreateDIBitmap

user32

CreateMenu
DialogBoxParamW
GetDlgItemTextW
IsDlgButtonChecked

kernel32

GetTickCount
GetProcAddress
GetModuleHandleA
GetLastError
GetCommandLineW
GetCommandLineA
FreeLibrary

Exports

Exports

del
gdel
gdll
gmod
pmod
sdll
wdll

Sections

.text
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.itext
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE