Source |
Malware Hell |
Identifiant |
8314737 |
Date de publication |
2022-07-13 00:00:00 (vue: 2023-03-01 20:12:23) |
Titre |
Reversing Additional Lockbit 3.0 API Hashing |
Texte |
I was watching @herrcore’s OALabs stream on Lockbit 3.0. After he wrote a utility to decrypt additional data from the ransomware, he noticed one of the buffers was a Portable Executable (PE) file. It had an interesting API hashing routine, we would be reversing for the next stream.
I decided to have a closer look. 😄
Analysis This is an interesting sample, I have not mapped out its full functionality yet. |
Envoyé |
Oui |
Condensat |
NoVal |
Tags |
|
Stories |
|
Notes |
★★★★
|
Move |
|