MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 80e8defa5377018b093b5b90de0f2957f7062144c83a09a56bba1fe4eda932ce. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



LockBit


Vendor detections: 8



SHA256 hash: 80e8defa5377018b093b5b90de0f2957f7062144c83a09a56bba1fe4eda932ce
SHA3-384 hash: 76ff38df891429470516e2955b60b4691ee5c31cafef3f2277beccf3ce016e6cb25361c491544df02e0e0179f39478b3
SHA1 hash: f2a72bee623659d3ba16b365024020868246d901
MD5 hash: 38745539b71cf201bb502437f891d799
humanhash: twelve-green-skylark-montana
File name: 80e8defa5377018b093b5b90de0f2957f7062144c83a09a56bba1fe4eda932ce
Signature LockBit
File size: 165'888 bytes
First seen: 2022-07-03 18:21:37 UTC
Last seen: 2022-07-03 18:39:14 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash a50a0d82b9120fc73965c28fea79e1f9 (4 x LockBit, 3 x BlackMatter)
ssdeep 3072:MC/pu0EzJTnvxkIKztqGJ0OtiZ4/7I5jfa2F63Jvb3iN0RD3xpjb68Tzd4Tpx8W7:MC/pu1iIKztqGuU/7Ity2F65vb3FRlpW
TLSH T103F3125005673DCAD24823B2DECB93BD804A9139069AB1648FE13B38DFE14BDBC45B5B
TrID 27.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
20.7% (.EXE) Win16 NE executable (generic) (5038/12/1)
18.5% (.EXE) Win32 Executable (generic) (4505/5/1)
8.5% (.EXE) Win16/32 Executable Delphi generic (2072/23)
8.3% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter vxunderground
Tags: exe lockbit lockbit black lockbit3 Ransomware

Intelligence


File Origin
# of uploads: 2
# of downloads: 2'176
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: 80e8defa5377018b093b5b90de0f2957f7062144c83a09a56bba1fe4eda932ce.exe
Verdict: Suspicious activity
Analysis date: 2022-07-03 18:50:33 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Clean
Maliciousness:

Behaviour
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Sending a custom TCP request
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: packed
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 64 / 100
Signature
Antivirus / Scanner detection for submitted sample
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
PE file has a writeable .text section
Threat name: Win32.Ransomware.Lockbit
Status: Malicious
First seen: 2022-07-03 18:22:06 UTC
File Type: PE (Exe)
AV detection: 22 of 26 (84.62%)
Threat level: 5/5
Verdict: malicious
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SHA256 hash: 80e8defa5377018b093b5b90de0f2957f7062144c83a09a56bba1fe4eda932ce
MD5 hash: 38745539b71cf201bb502437f891d799
SHA1 hash: f2a72bee623659d3ba16b365024020868246d901
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments



lgd.huhm commented on 2022-07-07 07:03:18 UTC

hi, vx-underground
I want to execute this lockbit 3.0 file.
just run flow method on cmd ?? (or powershell?)

vx-underground commented on 2022-07-03 18:55:48 UTC

Execution method:

{04830965-76E6-6A9A-8EE1-6AF7499C1D08}.exe -k LocalServiceNetworkRestricted -pass db66023ab2abcb9957fb01ed50cdfa6a