lockbit | lb4_svchost[.]exe | Triage

Sharing

General

Target

lb4_svchost.exe
Size

145KB
MD5

0e7adc219b82b823214edc523797b83e
SHA1

eb40b252523621aea48448efc0bf6b971cc906e7
SHA256

5a3cc12e20a0ecc79f526cd28344d24f48ff4f6da89235293edd264f02f69404
SHA512

44ab6ea43112e2c361c1303a4fb5e6edb9e0390c9c571ae0c8d7a87cb0a472d9fc2f034c98235db2676019bf025e09d5bfa7e783cfa4de5225be7acc9e51ba97
SSDEEP

1536:izICS4AAwczUUf8y8gvMH+1zGSNAojMP95D1xD5bwnHm/1BviIdU/IqbNLu75RjJ:hqJogYkcSNm9V7D50nH2viI2xadRj1T

Score

10^/10

Malware Config

Signatures

Lockbit family
lockbit
Rule to detect Lockbit 3.0 ransomware Windows payload 1 IoCs

Processes:

resource yara_rule

sample family_lockbit
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

lb4_svchost.exe

Files

lb4_svchost.exe
.exe windows:5 windows x86 arch:x86

914685b69f2ac2ff61b6b0f1883a054d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

SetPixel
GetPixel
SelectPalette
SelectObject
GetTextColor
BitBlt
GetDeviceCaps
CreateSolidBrush
CreateFontW
CreateDIBitmap

user32

LoadMenuW
LoadImageW
CreateDialogParamW
CreateWindowExW
DefWindowProcW
GetDlgItem
IsDlgButtonChecked

kernel32

GetLastError
GetProcAddress
GetModuleHandleA
GetLocaleInfoW
FreeLibrary
GetFileAttributesW
GetCommandLineW
GetCommandLineA

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ