lockbit | 19022025_0646_LB3[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

19022025_0646_LB3.exe
Size

158KB
MD5

856b79e547c63002f3da2e5bb9d833ad
SHA1

2bcde5103444794e59499852b606a2e5d07607d3
SHA256

80b6faacd5838028b48a8f04568e494d54c552dc54d15ff6c627e1cc2e818c07
SHA512

b9961c349fc1a729c16dc467a12cbabb534271a6960d82f397a5a795c078d4d6fd78bec9bf571355f599b6470ababc9fec3dcc4b0771fa897dded3fc53ae276c
SSDEEP

1536:tzICS4AAwczUUf8y8gvMH+1zGSNAojMP95D1xDJsU8DOX2V/5/INXNyy/HBkZ2YD:+qJogYkcSNm9V7Dqe2V/qDwOrkWTe

Score

10^/10

lockbit

Malware Config

Signatures

Lockbit family
lockbit

Rule to detect Lockbit 3.0 ransomware Windows payload 1 IoCs

resource	yara_rule
sample	family_lockbit

Files

19022025_0646_LB3.exe
.exe windows:5 windows x86 arch:x86

Password: infected

914685b69f2ac2ff61b6b0f1883a054d

Code Sign

43:bb:43:7d:60:98:66:28:6d:d8:39:e1:d0:03:09:f5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

02-09-2011 00:00

Not After

01-09-2014 23:59

Subject

CN=NVIDIA Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Software,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8c:90:ca:c7:99:5e:0a:45:ae:f4:85:35:36:ac:6f:22:61:f8:b5:61
Signer

Actual PE Digest

8c:90:ca:c7:99:5e:0a:45:ae:f4:85:35:36:ac:6f:22:61:f8:b5:61

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

SetPixel
GetPixel
SelectPalette
SelectObject
GetTextColor
BitBlt
GetDeviceCaps
CreateSolidBrush
CreateFontW
CreateDIBitmap

user32

LoadMenuW
LoadImageW
CreateDialogParamW
CreateWindowExW
DefWindowProcW
GetDlgItem
IsDlgButtonChecked

kernel32

GetLastError
GetProcAddress
GetModuleHandleA
GetLocaleInfoW
FreeLibrary
GetFileAttributesW
GetCommandLineW
GetCommandLineA

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

914685b69f2ac2ff61b6b0f1883a054d

Code Sign

43:bb:43:7d:60:98:66:28:6d:d8:39:e1:d0:03:09:f5Certificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

8c:90:ca:c7:99:5e:0a:45:ae:f4:85:35:36:ac:6f:22:61:f8:b5:61Signer

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

user32

kernel32

Sections

.text Size: 95KB - Virtual size: 95KB

.itext Size: 1KB - Virtual size: 1KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 40KB - Virtual size: 43KB

.pdata Size: 10KB - Virtual size: 9KB

.reloc Size: 4KB - Virtual size: 3KB

43:bb:43:7d:60:98:66:28:6d:d8:39:e1:d0:03:09:f5
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

8c:90:ca:c7:99:5e:0a:45:ae:f4:85:35:36:ac:6f:22:61:f8:b5:61
Signer

.text
Size: 95KB - Virtual size: 95KB

.itext
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 40KB - Virtual size: 43KB

.pdata
Size: 10KB - Virtual size: 9KB

.reloc
Size: 4KB - Virtual size: 3KB