df53d5d9fd823812fe6f8da727dda6c5422eb6f10ec45db2325fa0fc2db91684

Sharing

Copy URL

Twitter E-mail

General

Target

LBOTS_V2_FREE_LOGIN.zip
Size

1.8MB
Sample

230411-rkz25aee8w
MD5

54da9a363ddac5217e23b155c1f59faa
SHA1

193763dc06e8d1d0680300046b1c9246a8d0887b
SHA256

df53d5d9fd823812fe6f8da727dda6c5422eb6f10ec45db2325fa0fc2db91684
SHA512

403509983ab1ff5d65e839bb5f23fbcbd3dfe5d3a52beb8640f87e835ac7481d60a3422f4b85472fcc3f137475f5e08605a96ccaf81986ed46b2e1d47e97aa5c
SSDEEP

49152:j2gOKRD/CZIBuYnacM0jAD8n3el/qllYI2rgpqkmgPgLYKRl:jmKRDKZ6XacM0jE83dllYI2rgpqkmgPK

Score

8^/10

Malware Config

Targets

- Target
  
  LBOTS_V2_FREE_LOGIN.zip
- Size
  
  1.8MB
- MD5
  
  54da9a363ddac5217e23b155c1f59faa
- SHA1
  
  193763dc06e8d1d0680300046b1c9246a8d0887b
- SHA256
  
  df53d5d9fd823812fe6f8da727dda6c5422eb6f10ec45db2325fa0fc2db91684
- SHA512
  
  403509983ab1ff5d65e839bb5f23fbcbd3dfe5d3a52beb8640f87e835ac7481d60a3422f4b85472fcc3f137475f5e08605a96ccaf81986ed46b2e1d47e97aa5c
- SSDEEP
  
  49152:j2gOKRD/CZIBuYnacM0jAD8n3el/qllYI2rgpqkmgPgLYKRl:jmKRDKZ6XacM0jE83dllYI2rgpqkmgPK
Score

1^/10
behavioral1
- Target
  
  LBOTS V2 FREE LOGIN/Captcha_Service.js
- Size
  
  550B
- MD5
  
  173e20bab9fcb89b2efb965c67159908
- SHA1
  
  ef8de9bebf0b6125c9a52cf15d7a6c2b3dd275c0
- SHA256
  
  9d8003961e6f26474fdcf8f8449c73c980a4a3351efb974058a5f8786bee4fb9
- SHA512
  
  c830fcdef27eed3aeb4d1f441ad2624150a209cd5209bfcfdc07bd3efeeef37ff6ddaada7bf0e90e751c17f546c31c36e51bd41754ca5c5d6bc899dff2be1d67
Score

8^/10

microsoft discovery persistence phishing
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Detected potential entity reuse from brand microsoft.
  phishing microsoft
behavioral2
- Target
  
  LBOTS V2 FREE LOGIN/DiscordRPC.dll
- Size
  
  80KB
- MD5
  
  9ed0cc60faa1ca995f75dc8b4bf407c4
- SHA1
  
  87dc3a8ef47d8b2f6c0c4570adfe91188b7dc960
- SHA256
  
  acfde5b1463c95832dd7757a0407d7b81584d1f2aa5175095ca88a47535b2557
- SHA512
  
  9ae2c83aff79dbbde9ac3499a52398241cb9342eb12d3212dacebbaf5dd3d25fb1675b2a27982cbc77f1eb3f025ebc23b28581c40e374979d64fac3aad7c2771
- SSDEEP
  
  1536:q+nxJexI0myeXrvyBuaekzvaUUozZPM9o+mnxVS49:q+nex5mRXrvyzTe9o+mR9
Score

1^/10
behavioral3
- Target
  
  LBOTS V2 FREE LOGIN/Headers.ini
- Size
  
  21KB
- MD5
  
  9dadb4a500e1fd49e2bdec691994d18d
- SHA1
  
  9f56e08d1c3914416edbd421ce934c8f60832642
- SHA256
  
  767fc111bb9af46db7cfbf916685ec8b80a1c27be690f742e3a39cd2fe29ee68
- SHA512
  
  1f98b0507f87b578eb6568357154b55968ff496483e9d2aee2745bb1dd482b5d43ef5c254a17311f8c2d97dded738b283ddf4bf3ca21d111a3f0db19ca1cb76c
- SSDEEP
  
  384:S2A8e7CB7ToNacU4e8rAwAVToNy2DukI79opR3+T3narHIcLSPGC:BeGBaaNpvwAVToNLff230LSGC
Score

1^/10
behavioral4
- Target
  
  LBOTS V2 FREE LOGIN/LBots.deps.json
- Size
  
  2KB
- MD5
  
  56c16886636a7c91b294adaa9d021917
- SHA1
  
  e44d546170c9ef90a31adb632d807d2c65c9921c
- SHA256
  
  3485b832f38596b38d6ecd5d001ecda90214ce0936da2dd145ed32f1f901047d
- SHA512
  
  0876ef6dc34c6efe0980132b45be7c8f723513911537ab35624141ce570daa0fcaba2cd3b6edb34047b339401b467a6106fc739f7a4d10f3e726625a4c086996
Score

3^/10
behavioral5
- Target
  
  LBOTS V2 FREE LOGIN/LBots.dll
- Size
  
  1.4MB
- MD5
  
  110c90d13670ce6497ca9c1874d988b4
- SHA1
  
  32a9e98874ef9b0e058e466ad345dd19d8d5f1cd
- SHA256
  
  9b6297f82a1f9e8a61c9e986a8472206920657851fc0db8f7ce4b68479983135
- SHA512
  
  86a6555809805d1892b70d131651a526765ed832d3846beee36ea3cab190e187f5c3e99d999e1cc080404459bda0d504a500cc0003415a2b841323cab3923b0c
- SSDEEP
  
  24576:r/dFY2idvn1qCZ/qfqDpgnkt5vUryNNxvhm:rrFhCZyfcunUcGxo
Score

1^/10
behavioral6
- Target
  
  LBOTS V2 FREE LOGIN/LBots.exe
- Size
  
  123KB
- MD5
  
  db6b3100438744abcd6a8096bcfb0c52
- SHA1
  
  aa2847aa689267dc5247e77ca2968e0ce3444d34
- SHA256
  
  2119e178b2bfec6f432bdd341b41f2e3ac0cbe3763084030e5ab044ebf6559d2
- SHA512
  
  f3ff4da7e775a1870453b10a0ca3f14b1c99bc99de1135e11c0e99b8b6aa77a78961a83346d05c938d7fe62464f7fc1757eab3556c52600863eed9950e6ae9e6
- SSDEEP
  
  3072:+l0xIHQmEb9liHk29+E8Ufjz1BNOG/QJpXvjotkg:X9OwG/QbEtk
Score

1^/10
behavioral7
- Target
  
  LBOTS V2 FREE LOGIN/LBots.pdb
- Size
  
  89KB
- MD5
  
  6901c72ea66ca337a9171f0d7858265b
- SHA1
  
  e9d63d1d06beb15e3ff9663d89fd16c1cb5a6c07
- SHA256
  
  62b4e1bb3bf00d410d51b687b1c629ee067722c0576afd1d8d1501813b5dd153
- SHA512
  
  52fe58f03ac7258955ef2cf311038a270811e5ba1729a538ee130210ad254d4272b79926ddca37f3da92bab22a574a19c655c4aad0bee08500fe629746d2982c
- SSDEEP
  
  1536:I5hzL/TpoI/FoptADxbaWala+DZpVLlc/4StHD62LxlZoOW8P17GJXbpb:IT7toYFoptI6d1LUk2Zo/8d7Y
Score

3^/10
behavioral8
- Target
  
  LBOTS V2 FREE LOGIN/LBots.runtimeconfig.dev.json
- Size
  
  186B
- MD5
  
  e6cfa15a628696ac78d056c4e726f64e
- SHA1
  
  c388bdd0ab66aca2674f469cde8ac5315307312f
- SHA256
  
  f331a17ecaa5ed87cfcc94c1e702e0a5ce7a236acbc69774df5e1ca3d9607f57
- SHA512
  
  8122d032bc03a07fe2c22da39351c86c32e82fc2a948918fc9741cff3872d3a1eae2fc07416268817da69f99fe078cabc8b0acfcdd8b605089a753ff142be4e5
Score

3^/10
behavioral9
- Target
  
  LBOTS V2 FREE LOGIN/LBots.runtimeconfig.json
- Size
  
  154B
- MD5
  
  42cfea46ed97e8dbbd7bd335329ec2ac
- SHA1
  
  c4861e68c17b69f8beffb68d9198c5b49d15da9a
- SHA256
  
  3620d53dc87b4aa2cbd50b5ca80baa3e3a017d9d38cb72f690e44295afc33f77
- SHA512
  
  51d132a2ec34ba11b4a806870e7955b8bc5caea9e783a38918859cf8fa988552bd40fb6c71e21cacf8e7164d5ce12f2a5665f990f58ef99527bde8dffc1b5a2b
Score

3^/10
behavioral10
- Target
  
  LBOTS V2 FREE LOGIN/Newtonsoft.Json.dll
- Size
  
  679KB
- MD5
  
  916d32b899f1bc23b209648d007b99fd
- SHA1
  
  e3673d05d46f29e68241d4536bddf18cdd0a913d
- SHA256
  
  72cf291d4bab0edd08a9b07c6173e1e7ad1abb7ab727fd7044bf6305d7515661
- SHA512
  
  60bd2693daa42637f8ae6d6460c3013c87f46f28e9b0dbf9d7f6764703b904a7c8c22e30b4ba13f1f23f6cbee7d9640ee3821c48110e67440f237c2bb2ee5eb6
- SSDEEP
  
  12288:1eos/POdGV5jfWrV/9Yeh9eRcyLfLYtT5mWxTZ/B7jW5JMtRRpKzQk:10/POdGV5jfW5VnhFyvOB7jW5JMty
Score

1^/10
behavioral11
- Target
  
  LBOTS V2 FREE LOGIN/Sulakore.Generators.dll
- Size
  
  12KB
- MD5
  
  d822c7cf128559ed0d3f24f13f19fe17
- SHA1
  
  1cda311482f8e83dce41e2a13ac626f04a415c79
- SHA256
  
  fd0d382102992de1101d518fe439a408ed39a3eefc370376b2811a5607d55e60
- SHA512
  
  c054b151c33a37e70b428c12161002e972582db47513c998f4ee581f41d4d3103e5f7abae571d377adb0c19bf6003c48bea3e02617563cb6d33a4352046d2a45
- SSDEEP
  
  384:i72y8nctDMCkAlpkW9kImBjmqhlNcsTdcy:wmllBTyy
Score

1^/10
behavioral12
- Target
  
  LBOTS V2 FREE LOGIN/Sulakore.dll
- Size
  
  450KB
- MD5
  
  5398818a76cadef71000d737b1ce2222
- SHA1
  
  8a1e6599b83527440a33ac38ffc579c5295c6671
- SHA256
  
  ce6f4d566d8ce560a1ce38bc3c1c3f6c74b737ef7d21c23b1ba6d27adc47b32e
- SHA512
  
  7229410c871d8818cbd4c7b98d12bb7f19b2f42233e60088b76710aadb1fb6d12a80ac25524571c949761602ee97d9d69783c844d07de84d5d178bfb06e1c06a
- SSDEEP
  
  6144:glF7+obq5ygtPYyHLzg4ja0HZfhvk9kn39YTmxzY3pa9dN+Q6e1TxZB6ru80ruFY:gEN1FW0Tvu
Score

1^/10
behavioral13
- Target
  
  LBOTS V2 FREE LOGIN/Sulakore.pdb
- Size
  
  161KB
- MD5
  
  92a77b1ebe3610ec3e4e748635b51821
- SHA1
  
  023e2ff6945ce059b8dbdb08600578381ed30ecc
- SHA256
  
  e584c65f5e0e544c8d25a6bfa3e888848422f673f9437f27ebe1bb9ba3e9af77
- SHA512
  
  7dca29b4cf5f5083902bfa067acbad306ab8211ba4a2f819aeebd9ba44cbc6dbc07a41f283f0f5cbc59de3a599d1a21046acf7beebafd424267939c51d6b50c7
- SSDEEP
  
  3072:FaZkDYQg2AmuEYrN8D8QcLrgqn/1ENvVr:Q1QDADrN87cHgvvB
Score

3^/10
behavioral14
- Target
  
  LBOTS V2 FREE LOGIN/TwoCaptcha.dll
- Size
  
  24KB
- MD5
  
  e1ed437812996a295d8ad629ca02caf4
- SHA1
  
  635ad1a83ccc5405e4685290d4cc09c0edfd771c
- SHA256
  
  a009213badc4d0aa154d23ff760c4724fc544fddf2cd9586bf829aeea27e4815
- SHA512
  
  8206b5fb362c554c6fd8266a35029bd0766832ecabaed593dd83a1a5391705fc8bfe1912d1e8d03e2968e21446dfa204179a80cba2bffeeffe25d9028c594edf
- SSDEEP
  
  384:MUTYKA9HNs+8DPMD9JVWTKYL6M/CjaSYAxyNPEhI/OCKcY5ucJrXtpiO:Ms1oHNs+GPaMTj6M/CqA8j/CcRUL
Score

1^/10
behavioral15
- Target
  
  LBOTS V2 FREE LOGIN/accounts.txt
- Size
  
  14B
- MD5
  
  f7d019eb67212273c6c5bd1800831645
- SHA1
  
  e9cb053e550210333e4cc642ad310107ee402296
- SHA256
  
  2babbdb952d580f722fb7df69bc97f396cd89e63b2e1e07dbd37a1c5df921d9c
- SHA512
  
  b246a2561d0e4f4706b4159d09979dd1082a6b03ac82ff7f80837f2e39601a7c2bd63bd901f920b578e2103c524c6209205b726f144a1960bacc204dd71df3b9
Score

1^/10
behavioral16
- Target
  
  LBOTS V2 FREE LOGIN/cache.json
- Size
  
  182B
- MD5
  
  4ef075d8e40fc198e9f7be938f6243a6
- SHA1
  
  89c5f04f664bf87d7e96cc2355303c6171ec4c94
- SHA256
  
  7ed48cee90df2421c342fdb36f0c1dd989a3d5ff324edcd8c7e64d0ad47fa8b1
- SHA512
  
  d224819c16664f2cec3696f60b22f8be2bb4c788416fbfd224f111996a3611ad18b46eb38d2ae95514ffbda5f67773934673b23cdf5b914709154cdd2aee2766
Score

3^/10
behavioral17
- Target
  
  LBOTS V2 FREE LOGIN/websocket-sharp.dll
- Size
  
  221KB
- MD5
  
  169d5bae15e2c6dc13386a8aa34ce367
- SHA1
  
  fa2f5085473304191a4684da5b38935105906178
- SHA256
  
  339c740207f308d9e86b03a4d45d29f17c52476d1ecda88afa9f607966d226fc
- SHA512
  
  f28381088fe3be65570e3e2e2a0c07632bc05416f53058c7125d3f02d44063bd56a5544e0076a38e278a955a4f3bc26ba49cd46333f7a58c96005eafe6234970
- SSDEEP
  
  3072:HHOD3s/RCKVA0RZg3WfWreo10EHwtAmPWaJNCKLLXKMWwNI58MBTJkajsNlVU1sU:Ks/TVlZgGXo2EHwoV8MJJ5NQZSJgI
Score

1^/10
behavioral18

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Web Service

T1102

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Checks installed software on the system

Enumerates connected drives

Legitimate hosting services abused for malware hosting/C2

Detected potential entity reuse from brand microsoft.

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18