LockFile Ransomware Download

Posted Under: Download Free Malware Samples, Malware, Ransomware, Windows on Aug 25, 2021
LockFile ransomware is a new threat actor that exploits the PetitPotam NTLM relay vulnerability to take over Windows domains and encrypt victims' data. It weaponized open-source code to achieve this. LockFile ransomware encrypts user data with AES and RSA, then asks the victim to make contact over UTox to find out how to pay the ransom and get the files back. LockFile ransomware is very similar to the ransomware used by the LockBit ransomware group.
LockFile ransomware uses the following files:
  • LOCKFILE-README.hta - ransom demand file.
  • LockFile - Primary executable.
  • active_desktop_render.dll - malicious dll.
  • active_desktop_launcher.exe - legitimate KuGou Active Desktop launcher. The legitimate launcher is abused in a DLL hijacking attack to load the malicious active_desktop_render.dll and evade detection.
  • autoupdate.exe - a malicious file that is unique for each victim.
  • EfsPotato.exe - a malicious file used by PetitPotam.
  • autologin.bat - a malicious batch file to run.
  • autologin.exe (Hamakaze.exe) - file name from KDU toolkit.
  • autologin.dll (Tanikaze.dll) - file name from KDU toolkit.
  • autologin.sys - file name from the KDU toolkit, a set of Kernel Driver Utility tools.

LockFile Ransomware Signatures

Family: Ransom.LockFile
MD5: 52e1fed4c521294c5de95bba958909c1
SHA256: bf315c9c064b887ee3276e1342d43637d8c0e067260946db45942f39b970d7ce

LockFile Ransomware Malicious DLL Signatures

Family: HEUR:Trojan.Win32.Agent.gen
MD5: 957af740e1d88fabdaf73bd619cb3d31
SHA256: ed834722111782b2931e36cfa51b38852c813e3d7a4d16717f59c1d037b62291
