Categories: Ransom

Ransom:Win32/Lockbit.STB malicious file

Ransom:Win32/Lockbit.STB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

What can the Ransom:Win32/Lockbit.STB virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Creates RWX memory
  • NtSetInformationThread: attempt to hide thread from debugger
  • Dynamic (imported) function loading detected
  • Manipulates data from or to the Recycle Bin
  • Access the NetLogon registry key, potentially used for discovery or tampering
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Attempts to stop active services
  • Exhibits possible ransomware file modification behavior
  • Attempts to disable Windows Defender
  • Anomalous binary characteristics

How to identify Ransom:Win32/Lockbit.STB?


File Info:

name: 03B14473EEF5B7E38D9A.mlw
path: /opt/CAPEv2/storage/binaries/a56b41a6023f828cccaaef470874571d169fdb8f683a75edd430fbd31a2c3f6e
crc32: D79BBD4E
md5: 03b14473eef5b7e38d9a5041c1af0a76
sha1: 371353e9564c58ae4722a03205ac84ab34383d8c
sha256: a56b41a6023f828cccaaef470874571d169fdb8f683a75edd430fbd31a2c3f6e
sha512: eb39446791d4cdbfcd13dfc3ee1902cbc80f946d177e53a2927ef1e53257113e904ae5b5711a5622769b45bfcb961cd9c33158ad9c1f5e1258ff91d8bc753615
ssdeep: 3072:o5uyulsHwDV1gFnTwn7zwJGJ+ut5kCI5Gzei3N2VzRmK:o5uZ1DPgFnk7EJwZI5gDN2VVm
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T165F36C227112D177C4A239F1B32A76A1B39D8E2C16A8A453FAF8DF0538778237F15947
sha3_384: 678b1c28bd8049e637192e8359173e252ea8e7f9f05fdd0667268497ce1e4b4d986fe5afa5dd2eb65096d004c56e11a4
ep_bytes: 900f1f840000000000e883fbffff0f1f
timestamp: 2022-06-27 14:55:54

Version Info:

0: [No Data]

Ransom:Win32/Lockbit.STB also known as:

Bkav W32.AIDetect.malware1
Elastic Windows.Ransomware.Lockbit
MicroWorld-eScan Trojan.GenericKD.61021889
FireEye Generic.mg.03b14473eef5b7e3
CAT-QuickHeal Ransom.Lockbit3.S28401281
ALYac Trojan.Ransom.LockBit
Cylance Unsafe
VIPRE Trojan.GenericKD.61021889
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Trojan ( 00589e951 )
BitDefender Trojan.GenericKD.61021889
K7GW Trojan ( 00589e951 )
CrowdStrike win/malicious_confidence_100% (W)
VirIT Trojan.Win32.Genus.LHX
Cyren W32/ABRisk.KQVI-5753
Symantec Trojan.Gen.MBT
tehtris Generic.Malware
ESET-NOD32 Win32/Filecoder.BlackMatter.E
APEX Malicious
Paloalto generic.ml
Kaspersky Trojan-Ransom.Win32.Lockbit.aq
Alibaba Ransom:Win32/Lockbit.2b9c59d9
NANO-Antivirus Virus.Win32.Gen.ccmw
ViRobot Trojan.Win32.Z.Lazy.165888.A
Rising Trojan.Generic@AI.94 (RDML:gUX0SyjmPjQi6kVmvPn+iA)
Ad-Aware Trojan.GenericKD.61021889
Sophos Mal/Generic-S + Troj/Lockbit-F
Comodo Malware@#7iufhsftddh7
DrWeb Trojan.PWS.Siggen3.19271
Zillya Trojan.Encoder.Win32.3076
TrendMicro Ransom.Win32.LOCKBIT.YXCGFT
McAfee-GW-Edition BehavesLike.Win32.VirRansom.cc
Trapmine malicious.high.ml.score
Emsisoft Trojan.GenericKD.61021889 (B)
Ikarus Trojan-Ransom.BlackMatter
Jiangmin Trojan.Encoder.auh
Webroot W32.Ransom.Lockbit
Avira TR/Crypt.XPACK.Gen
Antiy-AVL Trojan/Generic.ASMalwS.720E
Kingsoft Win32.Troj.Undef.(kcloud)
Microsoft Ransom:Win32/Lockbit.STB
GData Trojan.GenericKD.61021889
Cynet Malicious (score: 100)
AhnLab-V3 Ransomware/Win.LockBit.C5191980
McAfee RDN/Ransom
MAX malware (ai score=100)
VBA32 TrojanRansom.BlackMatter
Malwarebytes Ransom.LockBit
Panda Trj/GdSda.A
TrendMicro-HouseCall Ransom.Win32.LOCKBIT.YXCGFT
Tencent Malware.Win32.Gencirc.11fd9259
Yandex Trojan.Encoder!3PYRZMzYLQI
SentinelOne Static AI – Malicious PE
MaxSecure Trojan.Malware.185525898.susgen
Fortinet W32/Filecoder_BlackMatter.E!tr.ransom
BitDefenderTheta AI:Packer.6B017F231E
AVG Win32:CrypterX-gen [Trj]
Avast Win32:CrypterX-gen [Trj]

How to remove Ransom:Win32/Lockbit.STB?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
