A Detailed Analysis of The LockBit Ransomware
Common Information
| Type | Value |
|---|---|
| UUID | 0f7ab6c5-4d2e-4535-92b8-d97506af4494 |
| Fingerprint | 66faf34bc0c6651c167ed00fb93c5119e20dfdbad4cac76afa1ad54313c04fc5 |
| Analysis status | DONE |
| Considered CTI value | 1 |
| Text language | |
| Published | Feb. 23, 2022, 11 a.m. |
| Added to db | April 14, 2024, 9:03 a.m. |
| Last updated | Aug. 31, 2024, 3:49 a.m. |
| Headline | A Detailed Analysis of The LockBit Ransomware |
| Title | A Detailed Analysis of The LockBit Ransomware |
| Detected Hints/Tags/Attributes | 109/2/53 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 2 | www.lifars.com |
|
| Details | Domain | 13 | lifars.com |
|
| Details | 8 | info@lifars.com |
||
| Details | File | 33 | gdiplus.dll |
|
| Details | File | 130 | ws2_32.dll |
|
| Details | File | 185 | shell32.dll |
|
| Details | File | 229 | advapi32.dll |
|
| Details | File | 291 | user32.dll |
|
| Details | File | 86 | ole32.dll |
|
| Details | File | 59 | netapi32.dll |
|
| Details | File | 3 | gpedit.dll |
|
| Details | File | 47 | oleaut32.dll |
|
| Details | File | 69 | shlwapi.dll |
|
| Details | File | 80 | msvcrt.dll |
|
| Details | File | 14 | activeds.dll |
|
| Details | File | 45 | mpr.dll |
|
| Details | File | 52 | bcrypt.dll |
|
| Details | File | 83 | crypt32.dll |
|
| Details | File | 53 | iphlpapi.dll |
|
| Details | File | 41 | wtsapi32.dll |
|
| Details | File | 9 | win32u.dll |
|
| Details | File | 11 | comdlg32.dll |
|
| Details | File | 40 | cryptbase.dll |
|
| Details | File | 21 | combase.dll |
|
| Details | File | 19 | winspool.drv |
|
| Details | File | 1 | c:\windows\system32\2ed873.ico |
|
| Details | File | 351 | recycle.bin |
|
| Details | File | 38 | restore-my-files.txt |
|
| Details | File | 2125 | cmd.exe |
|
| Details | File | 101 | iconcache.db |
|
| Details | File | 100 | ntuser.dat.log |
|
| Details | File | 243 | autorun.inf |
|
| Details | File | 99 | bootsect.bak |
|
| Details | File | 143 | thumbs.db |
|
| Details | File | 1 | c:\windows\syswow64\2ed873.ico |
|
| Details | File | 4 | lockbit.exe |
|
| Details | File | 36 | c:\windows\system32\mshta.exe |
|
| Details | File | 3 | tmp.bmp |
|
| Details | File | 10 | simply.sys |
|
| Details | sha256 | 4 | 9feed0c7fa8c1d32390e1c168051267df61f11b048ec62aa5b8e66f60e8083af |
|
| Details | IPv4 | 11 | 127.0.0.7 |
|
| Details | Windows Registry Key | 1 | HKCR\.lockbit |
|
| Details | Windows Registry Key | 1 | HKCU\SOFTWARE\2ED873D4E5389C |
|
| Details | Windows Registry Key | 1 | HKCU\Software\2ED873D4E5389C\Private |
|
| Details | Windows Registry Key | 1 | HKCU\Software\2ED873D4E5389C\Public |
|
| Details | Windows Registry Key | 1 | HKCR\Lockbit |
|
| Details | Windows Registry Key | 1 | HKCR\.hta |
|
| Details | Windows Registry Key | 1 | HKCR\htafile |
|
| Details | Windows Registry Key | 2 | HKEY_CLASSES_ROOT\Lockbit\shell\Open\Command |
|
| Details | Windows Registry Key | 2 | HKEY_CLASSES_ROOT\Lockbit\DefaultIcon |
|
| Details | Windows Registry Key | 1 | HKEY_CLASSES_ROOT\.lockbit\DefaultIcon |
|
| Details | Windows Registry Key | 1 | HKEY_CLASSES_ROOT\htafile\DefaultIcon |
|
| Details | Windows Registry Key | 37 | HKCU\Control |