MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 637be4d4df565ad9299be22e19deacaa343f05d56fb9ea0a201fb012ac8f4df9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



LockBit


Vendor detections: 14



SHA256 hash: 637be4d4df565ad9299be22e19deacaa343f05d56fb9ea0a201fb012ac8f4df9
SHA3-384 hash: ea59237f779c89214e0687de9d1806f2b7c15b2489dda12ee17977372ea27e7350bb6f9bffb93d9a5773d926c15a14b6
SHA1 hash: ed69c7493d53fb91758d5c0145e0e35abc2ab3fc
MD5 hash: c747d254c6d42c00e4150288a6198a47
humanhash: carpet-salami-victor-artist
File name: test_pass.exe
Signature: LockBit
File size: 157'184 bytes
First seen: 2025-12-06 17:31:25 UTC
Last seen: 2025-12-06 19:32:55 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 3bc510de773c954bd69d33670cb624d6 (10 x BlackMatter, 3 x LockBit)
ssdeep: 3072:mY+xaCkDC5Gvuy7rEMdZy6BTJ1GqiTLR6EiWuOlUnUKZaV:mJqC5lyfdZy6ZGzVUn/aV
Threatray: 5 similar samples on MalwareBazaar
TLSH: T118E312A341075D79DB89297BCE5C263C962D6E806E50F5E578A8F803DCF38FFA900459
TrID: 25.0% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  19.1% (.EXE) Win16 NE executable (generic) (5038/12/1)
  17.1% (.EXE) Win32 Executable (generic) (4504/4/1)
  7.8% (.EXE) Win16/32 Executable Delphi generic (2072/23)
  7.8% (.ICL) Windows Icons Library (generic) (2059/9)
Magika: pebin
Reporter: juroots
Tags: exe lockbit

Intelligence


File Origin
# of uploads: 3
# of downloads: 83
Origin country: CH
Vendor Threat Intelligence
No detections
Malware family:
n/a
ID:
1
File name:
test_pass.exe
Verdict:
No threats detected
Analysis date:
2025-12-06 17:45:56 UTC
Tags:
n/a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Malicious
Score:
94.1%
Tags:
virus xpack
Verdict:
Malicious
File Type:
exe x32
First seen:
2025-12-06T15:27:00Z UTC
Last seen:
2025-12-06T18:41:00Z UTC
Hits:
~10
Detections:
VHO:Trojan-Ransom.Win32.Convagent.gen Trojan-Ransom.Win32.Lockbit.sb HEUR:Trojan-Ransom.Win32.Generic
Malware family:
BlackMatter Ransomware
Verdict:
Malicious
Verdict:
inconclusive
YARA:
4 match(es)
Tags:
Executable PDB Path PE (Portable Executable) PE File Layout Win 32 Exe x86
Threat name:
Win32.Ransomware.Lockbit
Status:
Malicious
First seen:
2025-12-06 14:53:14 UTC
File Type:
PE (Exe)
AV detection:
22 of 24 (91.67%)
Threat level:
  5/5
Result
Malware family:
lockbit
Score:
  10/10
Tags:
family:lockbit discovery ransomware
Behaviour
Program crash
System Location Discovery: System Language Discovery
Lockbit
Lockbit family
Rule to detect Lockbit 3.0 ransomware Windows payload
Verdict:
Suspicious
Tags:
ransomware lockbit
YARA:
RAN_Lockbit_v3_Jun_2022_1 RANSOM_Lockbit_Black_Packer Windows_Ransomware_Lockbit_369e1e94 LockBit3
Unpacked files
SHA256 hash:
637be4d4df565ad9299be22e19deacaa343f05d56fb9ea0a201fb012ac8f4df9
MD5 hash:
c747d254c6d42c00e4150288a6198a47
SHA1 hash:
ed69c7493d53fb91758d5c0145e0e35abc2ab3fc
Detections:
win_lockbit_auto
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:CyberCrime_LockBit_Ransomware
Author:gmrdkd@s2w.inc
Description:Detection LockBit 3.0/Black rule
Rule name:LockBit3_ransomware
Author:BlackBerry
Description:Rule detecting Lockbit3 ransomware samples
Rule name:LockbitBlack_Loader
Author:Zander Work
Description:Hunting rule for the Lockbit Black loader, based on https://twitter.com/vxunderground/status/1543661557883740161
Rule name:RANSOM_Lockbit_Black_Packer
Author:SECUINFRA Falcon Team
Description:Detects the packer used by Lockbit Black (Version 3)
Reference:https://twitter.com/vxunderground/status/1543661557883740161
Rule name:RAN_Lockbit_v3_Jun_2022_1
Author:Arkbird_SOLG
Description:Detect the lockbit ransomware
Reference:https://twitter.com/vxunderground/status/1543661557883740161
Rule name:Windows_Ransomware_Lockbit_369e1e94
Author:Elastic Security
Rule name:win_lockbit_auto
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:Detects win.lockbit.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

LockBit

Executable exe 637be4d4df565ad9299be22e19deacaa343f05d56fb9ea0a201fb012ac8f4df9

(this sample)

  
Delivery method
Distributed via web download
