File Identity
| SHA256 | 0d38f8bf831f1dbb1b02bce1ddb76f3b69c9278e2d48af08e67ecd0f5d43eb0 |
|---|---|
| File Name | LBB_pass.bin (LockBit Builder) |
| Size | 165,888 bytes |
| String Count | 804 |
C2 Configuration
WoLc2 -- LockBit C2 config string
About LockBit 3.0
LockBit 3.0 (LockBit Black) is a ransomware family whose samples re-emerged in September 2022 along with its source code (2022 leak). It has BlackMatter code mixed in and uses ECDH asymmetric encryption and intermittent encryption (partial file encryption). The LBB (LockBit Builder) binary lets affiliates generate customized ransomware samples.
IOC
| SHA256 | 0d38f8bf831f1dbb1b02bce1ddb76f3b69c9278e2d48af08e67ecd0f5d43eb0 |
|---|---|
| File | LockBit Builder Binary (LBB_pass.bin) |
LockBit — Malware Profile
LockBit 3.0 (LockBit Black). bl3.exe builder. CryptProtectMemory DPAPI key protection. WinRAR SFX delivery.
Technical Details
C, RSA-2048 + AES-256 encryption (hybrid), shadow copy deletion via vssadmin, Active Directory enum, custom variant generation with LockBit Builder, multi-threaded encryption, ransom note TXT/HTA
Capabilities & Behavior
IOC List (1 indicator)
# SHA256
0d38f8bf831f1dbb1b02bce1ddb76f3b69c9278e2d48af08e67ecd0f5d43eb0
| Type | Value | Note |
|---|---|---|
| sha256 | 0d38f8bf831f1dbb1b02bce1ddb76f3b69c9278e2d48af08e67ecd0f5d43eb0 | len=63 |
C2 Servers (2 recorded servers for this family)
| Address | Type | Port | Protocol | Status | Country |
|---|---|---|---|---|---|
| 35.227.107.189 | ip | 443 | HTTPS | sinkholed | US |
| 89.185.85.239 | ip | 443 | HTTPS | sinkholed | NL |
C2 addresses are provided only from malware samples manually verified by the KEYDAL team. Commercial use is prohibited.