lobshot | e4ae8588f62682be84eb88b833c16400aa233a3dfb3d917e0ead080d41486592 | Triage

Submit
Reports

Overview

overview

Static

static

ae22167072...2b.exe

windows7-x64

ae22167072...2b.exe

windows10-2004-x64

Sharing

General

Target

09843899.exe
Size

52KB
Sample

230623-jnbjyaee8s
MD5

bb6041b17e9d6c61d1ef7dd20cfecf91
SHA1

2d5f05567b87069387119e89d7bf55d91aab8a5e
SHA256

e4ae8588f62682be84eb88b833c16400aa233a3dfb3d917e0ead080d41486592
SHA512

4cd4b1b32d69af3a704471a881112dddf2e01beacc0d17f86714326dbad155b88c3155ecea25230f1db6c4cccba904649ed262c376cfe46b70a13e58c5ec002e
SSDEEP

1536:ZQQA1O7KzmmY6V+QHMEnFJoAAt4txp4Sr:264XHMEnFGttSxp4w

Score

10^/10

lobshot backdoor persistence spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

ae221670729038f92398b7fe4e08928ea6ebc0c1d006c63c8a3bac2e30770c2b.exe

Resource

win7-20230621-en

lobshot backdoor persistence spyware stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

ae221670729038f92398b7fe4e08928ea6ebc0c1d006c63c8a3bac2e30770c2b.exe

Resource

win10v2004-20230621-en

lobshot backdoor persistence spyware stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  ae221670729038f92398b7fe4e08928ea6ebc0c1d006c63c8a3bac2e30770c2b
- Size
  
  94KB
- MD5
  
  93fd11cf69ac4f2b596f4e51a561b7b0
- SHA1
  
  077e1d02b17f023a13e64b43d9b19764705e3e8d
- SHA256
  
  ae221670729038f92398b7fe4e08928ea6ebc0c1d006c63c8a3bac2e30770c2b
- SHA512
  
  4d870ba8af1617982c5f0e9cbd2da6fa5b0f109b8cd9ef2e6f7fcefacd4e44a13a018e2d1733798e59d2bbe62d337c121eef3408efb315252eed729dd1cb6372
- SSDEEP
  
  1536:QNDrcwsIe38pzMX4Zm3QVd4lrYKIgInPv2Pvl/XNas2fRBW5nrJrc:QNDrpArCcQVd46bnPvuozrW5nrJo
Score

10^/10

lobshot backdoor persistence spyware stealer
- Detects Lobshot family
- Lobshot
  Lobshot is a backdoor module written in c++.
  backdoor lobshot
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Remote System Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lobshotbackdoorpersistencespywarestealer

behavioral2

lobshotbackdoorpersistencespywarestealer

© 2018-2025

Terms | Privacy