Overview

overview

10

Static

static

usfive_202...05.exe

windows7_x64

10

usfive_202...05.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    usfive_20210720-060205

  • Size

    3KB

  • Sample

    210720-9dv9wttvax

  • MD5

    463127c9a2b5eb1bca799aced10e4954

  • SHA1

    df78c1cca98d6f260f744a2b0639e1fff1c11a5e

  • SHA256

    863c612734f5ff0ff0ea3fed7fd790dfb43c47eecdc1417bcd82c0ad866419af

  • SHA512

    86c01a90941ad53e7d5c77b64c249bb0b4a69d9cc0f3e3971813464312a80ef6b06caef24cec9e9e194a25f0e667eafb445acbe9ce220830e4681312b498d9a4

Score
10/10
lu0botdiscoverystealertrojan

Malware Config

Targets

    • Target

      usfive_20210720-060205

    • Size

      3KB

    • MD5

      463127c9a2b5eb1bca799aced10e4954

    • SHA1

      df78c1cca98d6f260f744a2b0639e1fff1c11a5e

    • SHA256

      863c612734f5ff0ff0ea3fed7fd790dfb43c47eecdc1417bcd82c0ad866419af

    • SHA512

      86c01a90941ad53e7d5c77b64c249bb0b4a69d9cc0f3e3971813464312a80ef6b06caef24cec9e9e194a25f0e667eafb445acbe9ce220830e4681312b498d9a4

    Score
    10/10
    lu0botdiscoverystealertrojan

    • Lu0bot

      Lu0bot is a lightweight infostealer written in NodeJS.

      trojanstealerlu0bot

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1
T1059

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

File Permissions Modification

1
T1222

Hidden Files and Directories

1
T1158

Credential Access

Discovery

System Information Discovery

4
T1082

Query Registry

1
T1012

Process Discovery

1
T1057

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks