General

  • Target

    usfive_20210720-060205

  • Size

    3KB

  • Sample

    210720-9dv9wttvax

  • MD5

    463127c9a2b5eb1bca799aced10e4954

  • SHA1

    df78c1cca98d6f260f744a2b0639e1fff1c11a5e

  • SHA256

    863c612734f5ff0ff0ea3fed7fd790dfb43c47eecdc1417bcd82c0ad866419af

  • SHA512

    86c01a90941ad53e7d5c77b64c249bb0b4a69d9cc0f3e3971813464312a80ef6b06caef24cec9e9e194a25f0e667eafb445acbe9ce220830e4681312b498d9a4

Malware Config

Targets

    • Target

      usfive_20210720-060205

    • Size

      3KB

    • MD5

      463127c9a2b5eb1bca799aced10e4954

    • SHA1

      df78c1cca98d6f260f744a2b0639e1fff1c11a5e

    • SHA256

      863c612734f5ff0ff0ea3fed7fd790dfb43c47eecdc1417bcd82c0ad866419af

    • SHA512

      86c01a90941ad53e7d5c77b64c249bb0b4a69d9cc0f3e3971813464312a80ef6b06caef24cec9e9e194a25f0e667eafb445acbe9ce220830e4681312b498d9a4

    • Lu0bot

      Lu0bot is a lightweight infostealer written in NodeJS.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

MITRE ATT&CK Enterprise v6

Tasks