Overview

overview

10

Static

static

eufive_202...30.exe

windows7_x64

10

eufive_202...30.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    eufive_20210727-125230

  • Size

    3KB

  • Sample

    210727-f17qzxlkea

  • MD5

    a761191fcfbb734c45f3d7ba61d2ccde

  • SHA1

    3d37da91baf133d14e746d85cc9d8197d78cd0b9

  • SHA256

    545b3f1af9322de70ef2b27c9b383be4f6c22f508320d55d4b3787cc0eebce50

  • SHA512

    6add2e95ba16cac3ffc60697df7df9ba30b437aed94a1593bce7808ae686f980792a7327e8a204e40ba149b9d42045a3952ba1e32b0a5f24a0d3e38488f8a6ed

Score
10/10
lu0botdiscoverystealersuricatatrojan

Malware Config

Targets

    • Target

      eufive_20210727-125230

    • Size

      3KB

    • MD5

      a761191fcfbb734c45f3d7ba61d2ccde

    • SHA1

      3d37da91baf133d14e746d85cc9d8197d78cd0b9

    • SHA256

      545b3f1af9322de70ef2b27c9b383be4f6c22f508320d55d4b3787cc0eebce50

    • SHA512

      6add2e95ba16cac3ffc60697df7df9ba30b437aed94a1593bce7808ae686f980792a7327e8a204e40ba149b9d42045a3952ba1e32b0a5f24a0d3e38488f8a6ed

    Score
    10/10
    lu0botdiscoverystealersuricatatrojan

    • Lu0bot

      Lu0bot is a lightweight infostealer written in NodeJS.

      trojanstealerlu0bot

    • suricata: ET MALWARE lu0bot Loader HTTP Request

      suricata

    • suricata: ET MALWARE lu0bot Loader HTTP Response

      suricata

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1
T1059

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

File Permissions Modification

1
T1222

Hidden Files and Directories

1
T1158

Credential Access

Discovery

System Information Discovery

4
T1082

Query Registry

1
T1012

Process Discovery

1
T1057

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks