A technical analysis of the leaked LockBit 3.0 builder



This is our analysis of the LockBit 3.0 builder that was leaked online on September 21, 2022. The executable called “keygen.exe” can be used to generate the RSA public and private keys that are embedded in the encryptor and decryptor, respectively. The builder embedded 4 resources used to create executables or DLL files according to the command line parameters. As in the case of Conti leaks, we’ll probably encounter LockBit-forked ransomware because of the builder’s availability.


Read More