Analysis
max time kernel: 384s
max time network: 446s
platform: windows10-1703_x64
resource: win10-20230220-es
resource tags: arch:x64, arch:x86, image:win10-20230220-es, locale:es-es, os:windows10-1703-x64, system, windows
submitted: 11-04-2023 14:15
Static task: static1
Behavioral task: behavioral1 | Sample: LBOTS_V2_FREE_LOGIN.zip | Resource: win10-20230220-es
Behavioral task: behavioral2 | Sample: LBOTS V2 FREE LOGIN/Captcha_Service.js | Resource: win10-20230220-es
Behavioral task: behavioral3 | Sample: LBOTS V2 FREE LOGIN/DiscordRPC.dll | Resource: win10-20230220-es
Behavioral task: behavioral4 | Sample: LBOTS V2 FREE LOGIN/Headers.ini | Resource: win10-20230220-es
Behavioral task: behavioral5 | Sample: LBOTS V2 FREE LOGIN/LBots.deps.json | Resource: win10-20230220-es
Behavioral task: behavioral6 | Sample: LBOTS V2 FREE LOGIN/LBots.exe | Resource: win10-20230220-es
Behavioral task: behavioral7 | Sample: LBOTS V2 FREE LOGIN/LBots.exe | Resource: win10-20230220-es
Behavioral task: behavioral8 | Sample: LBOTS V2 FREE LOGIN/LBots.pdb | Resource: win10-20230220-es
Behavioral task: behavioral9 | Sample: LBOTS V2 FREE LOGIN/LBots.runtimeconfig.dev.json | Resource: win10-20230220-es
Behavioral task: behavioral10 | Sample: LBOTS V2 FREE LOGIN/LBots.runtimeconfig.json | Resource: win10-20230220-es
Behavioral task: behavioral11 | Sample: LBOTS V2 FREE LOGIN/Newtonsoft.Json.dll | Resource: win10-20230220-es
Behavioral task: behavioral12 | Sample: LBOTS V2 FREE LOGIN/Sulakore.Generators.dll | Resource: win10-20230220-es
Behavioral task: behavioral13 | Sample: LBOTS V2 FREE LOGIN/Sulakore.dll | Resource: win10-20230220-es
Behavioral task: behavioral14 | Sample: LBOTS V2 FREE LOGIN/Sulakore.pdb | Resource: win10-20230220-es
Behavioral task: behavioral15 | Sample: LBOTS V2 FREE LOGIN/TwoCaptcha.dll | Resource: win10-20230220-es
Behavioral task: behavioral16 | Sample: LBOTS V2 FREE LOGIN/accounts.txt | Resource: win10-20230220-es
Behavioral task: behavioral17 | Sample: LBOTS V2 FREE LOGIN/cache.json | Resource: win10-20230220-es
Behavioral task: behavioral18 | Sample: LBOTS V2 FREE LOGIN/websocket-sharp.dll | Resource: win10-20230220-es
General
Target: LBOTS V2 FREE LOGIN/cache.json
Size: 182B
MD5: 4ef075d8e40fc198e9f7be938f6243a6
SHA1: 89c5f04f664bf87d7e96cc2355303c6171ec4c94
SHA256: 7ed48cee90df2421c342fdb36f0c1dd989a3d5ff324edcd8c7e64d0ad47fa8b1
SHA512: d224819c16664f2cec3696f60b22f8be2bb4c788416fbfd224f111996a3611ad18b46eb38d2ae95514ffbda5f67773934673b23cdf5b914709154cdd2aee2766
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Modifies registry class (2 IoCs)
  Processes: cmd.exe, OpenWith.exe
  description | ioc | process
  Key created | \REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings | cmd.exe
  Key created | \REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings | OpenWith.exe
- Suspicious use of SetWindowsHookEx (1 IoCs)
  Processes: OpenWith.exe
  pid | process
  5080 | OpenWith.exe
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\LBOTS V2 FREE LOGIN\cache.json"
- Modifies registry class
PID: 3576
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID: 5080