General

  • Target

    Builds.7z

  • Size

    1.8MB

  • MD5

    484933f81970182e04f190efe2527da1

  • SHA1

    72f0810a0ab7f1398ba9f0b0916ee97115e79cc4

  • SHA256

    3968a850f5bc70d954bb5609d929f181a6f05a117fa3be4531cbd96cedfde5d6

  • SHA512

    d9d5d96e13201de976d23783e077bb1f95af3946a44bd1347d637893e471eefed5d9b0de4a7d84d8d2040decf8cea4e3de83555b2424e58ebbc1c7eb4881e37a

  • SSDEEP

    49152:bor7D7eZFTWD/gjKZ4FhydMzOoSGSW7TeXY:UfeZFT48HSCilTWB

Score
10/10

Malware Config

Signatures

  • Lockbit family
  • Rule to detect Lockbit 3.0 ransomware Windows payload 3 IoCs
  • Unsigned PE 7 IoCs

    Checks for missing Authenticode signature.

Files

  • Builds.7z
    .7z

    Password: infected

  • Builds/ESXi_vx-_____________329D6F9DDBF138D4_19.12.24_i_love_anime.zip
    .zip .ps1 polyglot
  • 329D6F9DDBF138D4/locker_ESXI_I386
    .elf linux x86
  • 329D6F9DDBF138D4/locker_ESXI_X64
    .elf linux x64
  • Builds/LBB_vx-_____________07AAB9B790E0235B_19.12.24_hacking_is_bad.zip
    .zip
  • LBB.exe
    .exe windows:5 windows x86 arch:x86

    3bc510de773c954bd69d33670cb624d6


  • LBB_PS1.ps1
  • LBB_PS1_obfuscated.ps1
    .ps1
  • LBB_PS1_pass.ps1
  • LBB_ReflectiveDll_DllMain.dll
    .dll windows:5 windows x86 arch:x86

    bfce782cfa0e2f22c598571118d3f91d


  • LBB_Rundll32.dll
    .dll windows:5 windows x86 arch:x86

    a6e537c4400191f066a8ccb2bd93aeb1


  • LBB_Rundll32_pass.dll
    .dll windows:5 windows x86 arch:x86

    a6e537c4400191f066a8ccb2bd93aeb1


  • LBB_pass.exe
    .exe windows:5 windows x86 arch:x86

    3bc510de773c954bd69d33670cb624d6


  • Password_dll.txt
  • Password_exe.txt
  • Password_ps1.txt
  • Builds/LBG_vx-_____________FC8E43EC21BE9047_19.12.24_hacking_is_illegal_ok.zip
    .zip
  • FC8E43EC21BE9047/lbg32.exe
    .exe windows:0 windows x86 arch:x86


  • FC8E43EC21BE9047/lbg64.exe
    .exe windows:0 windows x64 arch:x64


  • Builds/LBL_vx-_____________1007BF65F80311D2_19.12.24_hacking_is_illegal_and_for_nerds.zip
    .zip
  • 1007BF65F80311D2/locker_ARM64
    .elf linux aarch64
  • 1007BF65F80311D2/locker_ARMV5
    .elf linux arm
  • 1007BF65F80311D2/locker_ARMV7
    .elf linux arm
  • 1007BF65F80311D2/locker_FREEBSD_AMD64
    .elf linux x64
  • 1007BF65F80311D2/locker_LINUX_I386
    .elf linux x86
  • 1007BF65F80311D2/locker_LINUX_X64
    .elf linux x64
  • 1007BF65F80311D2/locker_MIPS
    .elf linux mipsbe
  • 1007BF65F80311D2/locker_MIPS64
    .elf linux mipsel
  • 1007BF65F80311D2/locker_MIPS64EL
    .elf linux mipsel
  • 1007BF65F80311D2/locker_MIPSEL
    .elf linux mipsel
  • 1007BF65F80311D2/locker_POWERPC
    .elf linux ppc
  • 1007BF65F80311D2/locker_POWERPC64
    .elf linux ppc64
  • 1007BF65F80311D2/locker_POWERPC64LE
    .elf linux ppc64
  • 1007BF65F80311D2/locker_S390X
    .elf linux s390
  • 1007BF65F80311D2/locker_SPARC64
    .elf linux