| Template | malware-analysis |
| Case | Ransomware sample analysis (CASE-MAL) |
| FIR | FIR-2026-77 |
| Analyst | Pallavi Pawar |
| Organisation | Innovativa SoftTech |
| malware.sampleName: LockBit variant |
| malware.sampleHash: 7d6b24a3c139a44fdcd0ddf53d833ee73b04c1d30bffdde637ed2281f3424a01 |
| malware.analysisType: Static + dynamic (sandbox) |
| malware.tool: Cuckoo Sandbox, IDA, e-Dex |
| malware.findings: The sample encrypts user files with AES-256 and appends a .lockbit extension, contacts a command-and-control host over HTTPS, and drops a ransom note. No anti-VM evasion was observed in this run. The sample hash and dropped artifacts are listed in the annexure. |
| ANNEXURE |
| 1. evidence-1.dd | 53477376 | Verified |
| SHA-256=874e9c3ea2b3c4dda2b3c4e5a2b3c4eda2b3c4f5a2b3c4fda2b3c505a2b3c50d |
| 2. evidence-2.dd | 54525952 | Verified |
| SHA-256=913213d9a3b4c5dea3b4c5e6a3b4c5eea3b4c5f6a3b4c5fea3b4c606a3b4c60e |
| VERIFICATION verified=2 failed=0 errors=0 |
| DECLARATION I certify that I analysed the malware sample identified above using the analysis type and tools recorded, that the cryptographic hash values of the sample and any artifacts are reproduced in the annexure, and that the findings stated above are a true and accurate record of the results of that analysis to the best of my knowledge, information and belief. |