General

  • Target

    ransom.zip

  • Size

    831KB

  • MD5

    7cd61bf217379a23bf42b1f9d08affab

  • SHA1

    ac4cca1c691780cb6f33b476495b2fa30e00214b

  • SHA256

    2882cbed0fb11c95d01b487a85338f4ec25fd44fc3f0936d68af4832d1be9a54

  • SHA512

    e408d2f8bcad00448cacbc38bc747a83c4b23f484e789d129f110a51ffae417e644ae1b48350942630cbb12b3616480f73875afd55668b1b380af4606e40e44f

  • SSDEEP

    24576:RyS4x8Uhh9cBLMfwp0zhbWA/7rYQXYJpD7r1OGKoW4XH:Y5xTHhhhnZYPhPH

Score
10/10

Malware Config

Extracted

Family

blackmatter

Version

25.239

Signatures

  • Blackmatter family
  • Lockbit family
  • Rule to detect Lockbit 3.0 ransomware Windows payload 4 IoCs
  • Unsigned PE 8 IoCs

    Checks for missing Authenticode signature.

Files

  • ransom.zip
    .zip

    Password: AndreaLicheri

  • ransom/Build.bat
  • ransom/Build/DECRYPTION_ID.txt
  • ransom/Build/LB3.exe
    .exe windows:5 windows x86 arch:x86

    Password: AndreaLicheri

    914685b69f2ac2ff61b6b0f1883a054d

  • ransom/Build/LB3Decryptor.exe
    .exe windows:5 windows x86 arch:x86

    Password: AndreaLicheri

    4585cfc85e0cd554d6b5d4bf1bb3d5e4

  • ransom/Build/LB3_ReflectiveDll_DllMain.dll
    .dll windows:5 windows x86 arch:x86

    Password: AndreaLicheri

    07530c85f3bf8d18d55bc566a43ea905

  • ransom/Build/LB3_Rundll32.dll
    .dll windows:5 windows x86 arch:x86

    Password: AndreaLicheri

    d5feac3e94d92e4c2e9fe14f1f783fd7

  • ransom/Build/LB3_Rundll32_pass.dll
    .dll windows:5 windows x86 arch:x86

    Password: AndreaLicheri

    d5feac3e94d92e4c2e9fe14f1f783fd7

  • ransom/Build/LB3_pass.exe
    .exe windows:5 windows x86 arch:x86

    Password: AndreaLicheri

    914685b69f2ac2ff61b6b0f1883a054d

  • ransom/Build/Password_dll.txt
  • ransom/Build/Password_exe.txt
  • ransom/Build/priv.key
  • ransom/Build/pub.key
  • ransom/builder.exe
    .exe windows:5 windows x86 arch:x86

    Password: AndreaLicheri

    d2e26e45dcb84f1062f90f29a9cf0faa

  • ransom/config.json
  • ransom/keygen.exe
    .exe windows:5 windows x86 arch:x86

    Password: AndreaLicheri

    73eeda700d0a0376845c61c44155f4a8