lockbit | LB3_pass[.]exe | Triage

Sharing

General

Target

LB3_pass.exe
Size

149KB
MD5

52f6f4598df3a891f064daf72f430869
SHA1

c3a6344c2a4286c5bb982184b793780ea7d55e14
SHA256

3d8bf0d63c4eb8043065c0b450d076ef6676ef34bcc7055ec32b7c912af431a8
SHA512

122236624fed68f4fdb63cd7177ba2116b51a6a1a15e6544a159a85c41b4c4f2a3453fdce000dc1e6851e4c6fe90d9bea973dcfebd6a5c6544d780739900b190
SSDEEP

3072:0IJ+q4TViuRUYwuRbl8A9Vse/QdYGwOsK+8:NsZRU21CS5Q0zK+8

Score

10^/10

lockbit

Malware Config

Signatures

Lockbit family
lockbit
Rule to detect Lockbit 3.0 ransomware Windows payload 1 IoCs

Processes:

resource yara_rule

sample family_lockbit
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

LB3_pass.exe

Files

LB3_pass.exe
.exe windows:5 windows x86 arch:x86

41fb8cb2943df6de998b35a9d28668e8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

SetPixel
SetDCBrushColor
SelectPalette
GetTextColor
GetDeviceCaps
CreateSolidBrush

user32

DefWindowProcW
CreateMenu
EndDialog
GetDlgItem
GetKeyNameTextW
GetMessageW
GetWindowTextW
IsDlgButtonChecked
LoadImageW
LoadMenuW
DialogBoxParamW

kernel32

SetLastError
LoadLibraryW
GetTickCount
GetLastError
GetCommandLineW
GetCommandLineA
FreeLibrary

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.itext
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE