lobshot | e4ea88887753a936eaf3361dcc00380b88b0c210dcbde24f8f7ce27991856bf6 | Triage

Submit
Reports

Overview

overview

Static

static

e4ea888877...f6.exe

windows7-x64

e4ea888877...f6.exe

windows10-2004-x64

Sharing

General

Target

e4ea88887753a936eaf3361dcc00380b88b0c210dcbde24f8f7ce27991856bf6
Size

93KB
Sample

230621-jpvdfagb48
MD5

f05dbb721b31f12466b6114adc2fce39
SHA1

ff7bb5b04b87c1e4b0f9eaf7988fd92d84e25c6b
SHA256

e4ea88887753a936eaf3361dcc00380b88b0c210dcbde24f8f7ce27991856bf6
SHA512

bd8669b5ad88a654a65db9579da4f2990d725261bee958ec0c7d6db3f112e170c50ea5541a81b5f1c3ff48419dfe50fc644d4da5b8d3b74983a8e16d8acb9553
SSDEEP

1536:y6aJHA5jXjYE30YS9PGD1uPVEWlrYtI/8CnP0qYmGl6HCIGJgTnr4n:y6aJHAdp3rsPAuPZ3ECnPYmGlWVTnr4

Score

10^/10

lobshot backdoor persistence spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

e4ea88887753a936eaf3361dcc00380b88b0c210dcbde24f8f7ce27991856bf6.exe

Resource

win7-20230220-en

lobshot backdoor persistence spyware stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

e4ea88887753a936eaf3361dcc00380b88b0c210dcbde24f8f7ce27991856bf6.exe

Resource

win10v2004-20230220-en

lobshot backdoor persistence spyware stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  e4ea88887753a936eaf3361dcc00380b88b0c210dcbde24f8f7ce27991856bf6
- Size
  
  93KB
- MD5
  
  f05dbb721b31f12466b6114adc2fce39
- SHA1
  
  ff7bb5b04b87c1e4b0f9eaf7988fd92d84e25c6b
- SHA256
  
  e4ea88887753a936eaf3361dcc00380b88b0c210dcbde24f8f7ce27991856bf6
- SHA512
  
  bd8669b5ad88a654a65db9579da4f2990d725261bee958ec0c7d6db3f112e170c50ea5541a81b5f1c3ff48419dfe50fc644d4da5b8d3b74983a8e16d8acb9553
- SSDEEP
  
  1536:y6aJHA5jXjYE30YS9PGD1uPVEWlrYtI/8CnP0qYmGl6HCIGJgTnr4n:y6aJHAdp3rsPAuPZ3ECnPYmGlWVTnr4
Score

10^/10

lobshot backdoor persistence spyware stealer
- Detects Lobshot family
- Lobshot
  Lobshot is a backdoor module written in c++.
  backdoor lobshot
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Remote System Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lobshotbackdoorpersistencespywarestealer

behavioral2

lobshotbackdoorpersistencespywarestealer

© 2018-2025

Terms | Privacy