Ransom Lockbit 3.0 MVID-2022-0621 Code Execution

Posted by deepcore on July 5, 2022 – 9:20 pm

Lockbit version 3.0 ransomware looks for and executes DLLs in its current directory. Therefore, we can hijack a DLL, in this case “RstrtMgr.dll”, execute our own code, and terminate the malware pre-encryption. The exploit DLL checks if the current directory is “C:\Windows\System32” and if not we grab our process ID and terminate. All basic tests were conducted successfully in a virtual machine environment.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« Stock Management System 2020 SQL Injection Google: Half Of Zero-Day Exploits Linked To Poor Software Fixes »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Ransom Lockbit 3.0 MVID-2022-0621 Code Execution

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL