LockBit analysis study

Posted date 23/03/2023

This study briefly describes the origin and evolution of the LockBit 3.0 ransomware threat through the analysis of several malicious samples. It aims to provide the information needed to identify the characteristics of this malware, its behaviour and the techniques it uses, enabling better identification of and response to it.

The detailed technical report was created following a methodology that includes both static and dynamic analysis of the samples within a controlled environment. Using tools such as 7z, PEstudio, IDA Pro, VirtualBox, Sysmon and others listed in the report, it was possible to extract information about the defence techniques used by the threat, the encryption applied to the affected files, a number of additional execution parameters, and a configuration and text strings that are decrypted during execution.

The report also includes indicators of compromise (IOCs) associated with LockBit 3.0, as well as tactics, techniques and procedures (TTPs).