MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 82d89a75d80e80e4be42c9eb79e401558c9fa3175648cd0c0467f2de1a07a908. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


LockBit


Vendor detections: 11


Intelligence 11 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 82d89a75d80e80e4be42c9eb79e401558c9fa3175648cd0c0467f2de1a07a908
SHA3-384 hash: cdeec776dc54d36c633543690151693bea5fad514ffc3456eb56402455893f52c67f5ba6e7eeb04696bc996cd4247026
SHA1 hash: 4ded4b1d4866a4adf534f5a4eb66386465fe3120
MD5 hash: d96d2bcf13d55740f3bb64d45d2db94d
humanhash: april-blossom-leopard-whiskey
File name:82d89a75d80e80e4be42c9eb79e401558c9fa3175648cd0c0467f2de1a07a908
Download: download sample
Signature LockBit
Create hunting rule
File size:604'899 bytes
First seen:2024-12-23 11:19:06 UTC
Last seen:Never
File type:PowerShell (PS) ps1
MIME type:text/plain
ssdeep 1536:Kk0H/lFq+N1mfoRlNyjZk11iBQcIY1Y+qFMJFOgvZ/wpKDcalOGODPNTbJYj6CJh:QA
TLSH T1C5D42AF063A099E3B6D94993A265195D3B2A103FBDC635D84083FBDD1C7BAC08A19CD7
Magika powershell
Reporter TheRavenFile
Tags:lockbit lockbit4.0 powershell ps1 Ransomware


Avatar
RakeshKrish12
Source: https://theravenfile.com/2024/06/26/the-return-of-lockbit/

Intelligence

File Origin
# of uploads :
1
# of downloads :
340
Origin country :
IN IN
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Encoder.35959.18189.32419.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
99.1%
Link:
https://cyber-fortress.com/docs/result/index.php?id=67694a798a4d48ee35fe7b0e
Tags:
vmdetect virus spawn sage
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-vm powershell
Link:
https://www.filescan.io/uploads/6769476a3bf0477cc1c0b0a2/reports/1c1adea5-385b-440c-bf61-76d49426652b/overview
Verdict:
Malicious
Labled as:
PWSH.Loki.A.Generic
Link:
https://www.hybrid-analysis.com/sample/82d89a75d80e80e4be42c9eb79e401558c9fa3175648cd0c0467f2de1a07a908
Result
Verdict:
MALICIOUS
Result
Threat name:
LockBit ransomware, Metasploit
Create hunting rule
Detection:
malicious
Classification:
rans.troj.spyw
Score:
92 / 100
Link:
https://www.joesandbox.com/analysis/1579862
Signature
AI detected suspicious sample
Found post-exploitation toolkit Empire
Loading BitLocker PowerShell Module
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sigma detected: Suspicious PowerShell Parameter Substring
Yara detected LockBit ransomware
Yara detected MetasploitPayload
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1579862 Sample: eszstwQPwq.ps1 Startdate: 23/12/2024 Architecture: WINDOWS Score: 92 18 Malicious sample detected (through community Yara rule) 2->18 20 Multi AV Scanner detection for submitted file 2->20 22 Yara detected MetasploitPayload 2->22 24 3 other signatures 2->24 7 powershell.exe 15 2->7         started        process3 process4 9 powershell.exe 23 7->9         started        12 conhost.exe 7->12         started        signatures5 26 Found post-exploitation toolkit Empire 9->26 28 Loading BitLocker PowerShell Module 9->28 14 WerFault.exe 20 16 9->14         started        16 conhost.exe 9->16         started        process6
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/82d89a75d80e80e4be42c9eb79e401558c9fa3175648cd0c0467f2de1a07a908
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/82d89a75d80e80e4be42c9eb79e401558c9fa3175648cd0c0467f2de1a07a908/
Threat name:
Script-PowerShell.Trojan.Lockbit
Create hunting rule
Status:
Malicious
First seen:
2024-12-19 22:25:10 UTC
File Type:
Text (PowerShell)
AV detection:
12 of 38 (31.58%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=qlmju5oyb2aojpsczhvxtzabkwgj7iyxkzem2daem7zn4gqhveea._file
Verdict:
malicious
Label(s):
lockbit
Create hunting rule
Similar samples:
error
LockBit
Result
Malware family:
lockbit
Create hunting rule
Score:
  10/10
Tags:
family:lockbit discovery execution ransomware
Link:
https://tria.ge/reports/241223-nnv1ssypfx/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Command and Scripting Interpreter: PowerShell
Program crash
System Location Discovery: System Language Discovery
Lockbit
Lockbit family
Rule to detect Lockbit 3.0 ransomware Windows payload
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/82d89a75d80e80e4be42c9eb79e401558c9fa3175648cd0c0467f2de1a07a908

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:detect_powershell
Create hunting rule
Author:daniyyell
Description:Detects suspicious PowerShell activity related to malware execution
Rule name:vmdetect
Create hunting rule
Author:nex
Description:Possibly employs anti-virtualization techniques

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments