Analysis
-
max time kernel
125s -
max time network
143s -
platform
windows10-2004_x64 -
resource
win10v2004-20230621-en -
resource tags
-
submitted
23-06-2023 07:39
General
-
Target
07872299.exe
-
Size
93KB
-
MD5
f05dbb721b31f12466b6114adc2fce39
-
SHA1
ff7bb5b04b87c1e4b0f9eaf7988fd92d84e25c6b
-
SHA256
e4ea88887753a936eaf3361dcc00380b88b0c210dcbde24f8f7ce27991856bf6
-
SHA512
bd8669b5ad88a654a65db9579da4f2990d725261bee958ec0c7d6db3f112e170c50ea5541a81b5f1c3ff48419dfe50fc644d4da5b8d3b74983a8e16d8acb9553
-
SSDEEP
1536:y6aJHA5jXjYE30YS9PGD1uPVEWlrYtI/8CnP0qYmGl6HCIGJgTnr4n:y6aJHAdp3rsPAuPZ3ECnPYmGlWVTnr4
Malware Config
Signatures
-
Detects Lobshot family 2 IoCs
-
Lobshot
Lobshot is a backdoor module written in c++.
-
Executes dropped EXE 1 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Modifies Internet Explorer settings 1 TTPs 4 IoCs
-
Modifies registry class 20 IoCs
-
Runs ping.exe 1 TTPs 1 IoCs
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 12 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\07872299.exe"C:\Users\Admin\AppData\Local\Temp\07872299.exe"1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd.exe /c (ping -n 10 127.0.0.1) & (del /F /Q "C:\Users\Admin\AppData\Local\Temp\07872299.exe") & (start "" "C:\ProgramData\c0807493.exe")2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\PING.EXEping -n 10 127.0.0.13⤵
- Runs ping.exe
-
-
C:\ProgramData\c0807493.exe"C:\ProgramData\c0807493.exe"3⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe C:\ProgramData\c0807493.exe4⤵
-
-
-
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
93KB
MD5f05dbb721b31f12466b6114adc2fce39
SHA1ff7bb5b04b87c1e4b0f9eaf7988fd92d84e25c6b
SHA256e4ea88887753a936eaf3361dcc00380b88b0c210dcbde24f8f7ce27991856bf6
SHA512bd8669b5ad88a654a65db9579da4f2990d725261bee958ec0c7d6db3f112e170c50ea5541a81b5f1c3ff48419dfe50fc644d4da5b8d3b74983a8e16d8acb9553
-
Filesize
93KB
MD5f05dbb721b31f12466b6114adc2fce39
SHA1ff7bb5b04b87c1e4b0f9eaf7988fd92d84e25c6b
SHA256e4ea88887753a936eaf3361dcc00380b88b0c210dcbde24f8f7ce27991856bf6
SHA512bd8669b5ad88a654a65db9579da4f2990d725261bee958ec0c7d6db3f112e170c50ea5541a81b5f1c3ff48419dfe50fc644d4da5b8d3b74983a8e16d8acb9553