General
-
Target
usfive_20210819-215421
-
Size
2KB
-
Sample
210819-hsk68crzej
-
MD5
3e06325ec38f23fd8f26216641963d44
-
SHA1
ebbc18e69b89136ca4ea7cbd2bcd801aa4fbfb73
-
SHA256
4c31eccb460bef397e6100e1ecd85c3a2b823b893a9a9add4bb83fde8f9b122b
-
SHA512
f2e6fbcfca6733b9b7aac9f5bd3c41899dd1a6b3a1ee9caff1bc3274c307fc84565e74b88af87e107507ba813e2994d943fca8b2cdee15348567fa0720e238f2
Static task
static1
Behavioral task
behavioral1
Sample
usfive_20210819-215421.exe
Resource
win7v20210408
Malware Config
Targets
-
-
Target
usfive_20210819-215421
-
suricata: ET MALWARE lu0bot Loader HTTP Request
-
suricata: ET MALWARE lu0bot Loader HTTP Response
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-