lockbit | 21867408347[.]zip | Triage

Sharing

General

Target

21867408347.zip
Size

106KB
MD5

f7fe2ad1c63512e91f10bb110422c018
SHA1

b30c00765442cdf3a3a40d634601a3f6f290883e
SHA256

4d9349b5fa20bbd711b665f8a97ede9224f0d34265d5811a2877093fbaff7221
SHA512

e06a5332722b062b25562e5c4c05d6054fb50b1fa20cae5ce0f30465a94fd4cfd1234471399a98b42ccf29a55fcdf4ef14d8c57dfe4f7a1af4402c313d75e1ac
SSDEEP

3072:0habB4rEuOdQso2mRo8MgmLhXASIct8yFrNW3yIqa:TVyXMJLhXA3ct/r/a

Score

10^/10

lockbit

Malware Config

Signatures

Lockbit family
lockbit

Rule to detect Lockbit 3.0 ransomware Windows payload 1 IoCs

resource	yara_rule
static1/unpack001/016cf44b5637f2c71383de4549b9eff72e74382e30add1d14c3944daed9e2e5d	family_lockbit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/016cf44b5637f2c71383de4549b9eff72e74382e30add1d14c3944daed9e2e5d

Files

21867408347.zip
.zip

Password: infected
016cf44b5637f2c71383de4549b9eff72e74382e30add1d14c3944daed9e2e5d
.exe windows:5 windows x86 arch:x86

a50a0d82b9120fc73965c28fea79e1f9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

TextOutW
SetTextColor
SetPixel
SelectObject
GetTextMetricsW

user32

EndDialog
GetDlgItem
GetDlgItemTextW
GetKeyNameTextW
GetMessageW
LoadMenuW
DialogBoxParamW
CreateWindowExW
CreateDialogParamW
GetClassNameW

kernel32

GetDateFormatW
LoadLibraryExA
GetTickCount
GetProcAddress
GetModuleHandleW
GetLocaleInfoW
GetCommandLineA
FormatMessageW
GetLastError

Sections

.text
Size: 102KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.itext
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 40KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE