Overview

overview

10

Static

static

3

052cee21bf...69.exe

windows7-x64

10

052cee21bf...69.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    052cee21bf536d51bcaf66edc262a1c391dea5a941cda58b83bf1eea43037169

  • Size

    200KB

  • Sample

    230621-jppg7ahd41

  • MD5

    5d026af9171c4bcec7b38ff42b1fb266

  • SHA1

    e97563e92862f5284352147ba3de4fca45e11f81

  • SHA256

    052cee21bf536d51bcaf66edc262a1c391dea5a941cda58b83bf1eea43037169

  • SHA512

    c5fbb96bfb4e9de7ac71ce9595678e9e724a9728bb26085f2e411d29638ffb2e74e3106375a5251b96d01f2007752559a042b22ce4594bda8a0982c588c288ce

  • SSDEEP

    3072:I+GDsJ1H1GwWQKKPMnbEB58DXKo+XEC5rBRJx0Q+R:L3H1gQKKPubEB5xo+XTBRf0Q

Score
10/10
lobshotbackdoorpersistencespywarestealer

Malware Config

Targets

    • Target

      052cee21bf536d51bcaf66edc262a1c391dea5a941cda58b83bf1eea43037169

    • Size

      200KB

    • MD5

      5d026af9171c4bcec7b38ff42b1fb266

    • SHA1

      e97563e92862f5284352147ba3de4fca45e11f81

    • SHA256

      052cee21bf536d51bcaf66edc262a1c391dea5a941cda58b83bf1eea43037169

    • SHA512

      c5fbb96bfb4e9de7ac71ce9595678e9e724a9728bb26085f2e411d29638ffb2e74e3106375a5251b96d01f2007752559a042b22ce4594bda8a0982c588c288ce

    • SSDEEP

      3072:I+GDsJ1H1GwWQKKPMnbEB58DXKo+XEC5rBRJx0Q+R:L3H1gQKKPubEB5xo+XTBRf0Q

    Score
    10/10
    lobshotbackdoorpersistencespywarestealer

    • Detects Lobshot family

    • Lobshot

      Lobshot is a backdoor module written in c++.

      backdoorlobshot

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks