Managed XDR

chuongdong64_zeroseed.exe (Lockbit) — malware analysis report

File info

Filename: chuongdong64_zeroseed.exe
File type: PE32+ executable (console) x86-64, for MS Windows
File size: 711.9 KB
First seen
Last seen

Environment

w10/x64 en

Hashes

SHA1: 4acf407b752965de85fee31e8a7aa30957d08fd3
SHA256: de8b5beca428eb0fed0bb8e70a23bdd07ffb66f16d5819e53f4e734e0c6fdac7
MD5: 27c8ec620e6c0d12eba576e8ca82dcb1

Malwares

  • Lockbit

Signatures

Defense Evasion

T1027.002 unnamed_memory_regions_contains_pe: One or several unnamed memory regions are PE files
T1036.001 invalid_authenticode: Digital signature of the executable file has failed the verification
T1027.002 unnamed_memory_regions: Code was executed in unnamed regions
T1027.002 packer_entropy: Probably contains compressed or encrypted data

Impact

T1486 ransomware_message: Ransomware indicators detected (possible ransom message creation)

Other

lockbit: Detected ransomware Lockbit
static_pe_anomaly: The PE file structure contains anomalies
require_administrator: Requests administrator privileges
suspicious_network_port: Performs TCP or UDP request to non-standard port
pe_overlay: PE file contains overlay
