Overview
overview: score 10
static: score 10
lockbit3.0-main.zip (windows10-2004-x64): score 1
lockbit3.0...ld.bat (windows10-2004-x64): score 3
lockbit3.0...ID.txt (windows10-2004-x64): score 1
lockbit3.0...B3.exe (windows10-2004-x64): score 10
lockbit3.0...or.exe (windows10-2004-x64): score 7
lockbit3.0...in.dll (windows10-2004-x64): score 7
lockbit3.0...32.dll (windows10-2004-x64): score 3
lockbit3.0...ss.dll (windows10-2004-x64): score 10
lockbit3.0...ss.exe (windows10-2004-x64): score 10
lockbit3.0...ll.txt (windows10-2004-x64): score 1
lockbit3.0...xe.txt (windows10-2004-x64): score 1
lockbit3.0...iv.key (windows10-2004-x64): score 3
lockbit3.0...ub.key (windows10-2004-x64): score 3
lockbit3.0...er.exe (windows10-2004-x64): score 3
lockbit3.0...g.json (windows10-2004-x64): score 3
lockbit3.0...en.exe (windows10-2004-x64): score 3

General
Target: lockbit3.0-main.zip
Size: 885KB
Sample: 250604-ss8jxabr5v

Behavioral tasks
behavioral1: Sample lockbit3.0-main.zip, Resource win10v2004-20250502-en
behavioral2: Sample lockbit3.0-main/lockbit3.0-main/LockBit30/Build.bat, Resource win10v2004-20250502-en
behavioral3: Sample lockbit3.0-main/lockbit3.0-main/LockBit30/Build/DECRYPTION_ID.txt, Resource win10v2004-20250502-en
behavioral4: Sample lockbit3.0-main/lockbit3.0-main/LockBit30/Build/LB3.exe, Resource win10v2004-20250502-en
behavioral5: Sample lockbit3.0-main/lockbit3.0-main/LockBit30/Build/LB3Decryptor.exe, Resource win10v2004-20250502-en
behavioral6: Sample lockbit3.0-main/lockbit3.0-main/LockBit30/Build/LB3_ReflectiveDll_DllMain.dll, Resource win10v2004-20250502-en
behavioral7: Sample lockbit3.0-main/lockbit3.0-main/LockBit30/Build/LB3_Rundll32.dll, Resource win10v2004-20250502-en
behavioral8: Sample lockbit3.0-main/lockbit3.0-main/LockBit30/Build/LB3_Rundll32_pass.dll, Resource win10v2004-20250502-en
behavioral9: Sample lockbit3.0-main/lockbit3.0-main/LockBit30/Build/LB3_pass.exe, Resource win10v2004-20250502-en
behavioral10: Sample lockbit3.0-main/lockbit3.0-main/LockBit30/Build/Password_dll.txt, Resource win10v2004-20250502-en
behavioral11: Sample lockbit3.0-main/lockbit3.0-main/LockBit30/Build/Password_exe.txt, Resource win10v2004-20250502-en
behavioral12: Sample lockbit3.0-main/lockbit3.0-main/LockBit30/Build/priv.key, Resource win10v2004-20250502-en
behavioral13: Sample lockbit3.0-main/lockbit3.0-main/LockBit30/Build/pub.key, Resource win10v2004-20250502-en
behavioral14: Sample lockbit3.0-main/lockbit3.0-main/LockBit30/builder.exe, Resource win10v2004-20250502-en
behavioral15: Sample lockbit3.0-main/lockbit3.0-main/LockBit30/config.json, Resource win10v2004-20250502-en
behavioral16: Sample lockbit3.0-main/lockbit3.0-main/LockBit30/keygen.exe, Resource win10v2004-20250502-en

Malware Config
Extracted
blackmatter
25.239
Extracted
C:\ZImkTWSLZ.README.txt
lockbit
Targets
Target: lockbit3.0-main.zip
Size: 885KB
Score: 1/10

Target: lockbit3.0-main/lockbit3.0-main/LockBit30/Build.bat
Size: 733B
Score: 3/10

Target: lockbit3.0-main/lockbit3.0-main/LockBit30/Build/DECRYPTION_ID.txt
Size: 16B
Score: 1/10

Target: lockbit3.0-main/lockbit3.0-main/LockBit30/Build/LB3.exe
Size: 153KB
- Lockbit family
- Renames multiple (640) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Drops desktop.ini file(s)
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Suspicious use of NtSetInformationThreadHideFromDebugger

Target: lockbit3.0-main/lockbit3.0-main/LockBit30/Build/LB3Decryptor.exe
Size: 54KB

Target: lockbit3.0-main/lockbit3.0-main/LockBit30/Build/LB3_ReflectiveDll_DllMain.dll
Size: 106KB
Score: 7/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
- Suspicious use of NtSetInformationThreadHideFromDebugger

Target: lockbit3.0-main/lockbit3.0-main/LockBit30/Build/LB3_Rundll32.dll
Size: 152KB
Score: 3/10

Target: lockbit3.0-main/lockbit3.0-main/LockBit30/Build/LB3_Rundll32_pass.dll
Size: 148KB
Score: 10/10
- Lockbit family
- Rule to detect Lockbit 3.0 ransomware Windows payload

Target: lockbit3.0-main/lockbit3.0-main/LockBit30/Build/LB3_pass.exe
Size: 149KB
Score: 10/10
- Lockbit family
- Rule to detect Lockbit 3.0 ransomware Windows payload

Target: lockbit3.0-main/lockbit3.0-main/LockBit30/Build/Password_dll.txt
Size: 1KB
Score: 1/10

Target: lockbit3.0-main/lockbit3.0-main/LockBit30/Build/Password_exe.txt
Size: 2KB
Score: 1/10

Target: lockbit3.0-main/lockbit3.0-main/LockBit30/Build/priv.key
Size: 344B
Score: 3/10

Target: lockbit3.0-main/lockbit3.0-main/LockBit30/Build/pub.key
Size: 344B
Score: 3/10

Target: lockbit3.0-main/lockbit3.0-main/LockBit30/builder.exe
Size: 469KB
Score: 3/10

Target: lockbit3.0-main/lockbit3.0-main/LockBit30/config.json
Size: 8KB
Score: 3/10

Target: lockbit3.0-main/lockbit3.0-main/LockBit30/keygen.exe
Size: 31KB
Score: 3/10

MITRE ATT&CK Enterprise v16
Credential Access
- Credentials from Password Stores: 1
- Credentials from Web Browsers: 1
- Unsecured Credentials: 1
- Credentials In Files: 1