General

  • Target

    usfive_20210619-091549

  • Size

    2KB

  • Sample

    210619-g94lc8jxex

  • MD5

    5c377a96ac9dd5bd2148e42d328fe237

  • SHA1

    c9b412f7a62d1142c2845ffb472041601952eb87

  • SHA256

    3a8ffe53dce3cc92dd54f8ee34c3f9a8db950c80b53ffb44f36b43123297bea0

  • SHA512

    550e85434db90f71975b91a9239e2f8db40cebad811e7d27ccd061402b85e3446dea4e6c127da94ab83911d7ac0afef19c0ebcbd77fac8ddb2c6161c8b684314

Malware Config

Targets

    • Target

      usfive_20210619-091549

    • Size

      2KB

    • MD5

      5c377a96ac9dd5bd2148e42d328fe237

    • SHA1

      c9b412f7a62d1142c2845ffb472041601952eb87

    • SHA256

      3a8ffe53dce3cc92dd54f8ee34c3f9a8db950c80b53ffb44f36b43123297bea0

    • SHA512

      550e85434db90f71975b91a9239e2f8db40cebad811e7d27ccd061402b85e3446dea4e6c127da94ab83911d7ac0afef19c0ebcbd77fac8ddb2c6161c8b684314

    • Lu0bot

      Lu0bot is a lightweight infostealer written in NodeJS.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Command-Line Interface, T1059 (1)

  • Persistence

    Hidden Files and Directories, T1158 (1)

  • Defense Evasion

    File Permissions Modification, T1222 (1)

    Hidden Files and Directories, T1158 (1)

  • Discovery

    System Information Discovery, T1082 (4)

    Query Registry, T1012 (1)

    Process Discovery, T1057 (1)

Tasks