Overview (overview): 10
Static (static): 10
LordsBot-Release.zip (windows10-2004-x64): 1
GameAssets...ct.txt (windows10-2004-x64): 1
GameAssets...st.txt (windows10-2004-x64): 1
GameAssets...ct.txt (windows10-2004-x64): 1
GameAssets...er.txt (windows10-2004-x64): 1
GameAssets...my.txt (windows10-2004-x64): 1
GameAssets/TDHero.txt (windows10-2004-x64): 1
GameAssets...st.txt (windows10-2004-x64): 1
GameAssets...ge.txt (windows10-2004-x64): 1
GameAssets/Table.crc (windows10-2004-x64): 3
GameAssets/Talent.txt (windows10-2004-x64): 1
GameAssets...Lv.txt (windows10-2004-x64): 1
GameAssets...ee.txt (windows10-2004-x64): 1
GameAssets/Tech.txt (windows10-2004-x64): 1
GameAssets...nd.txt (windows10-2004-x64): 1
GameAssets...SP.txt (windows10-2004-x64): 1
GameAssets...P2.txt (windows10-2004-x64): 1
GameAssets/TechLv.txt (windows10-2004-x64): 1
GameAssets...SP.txt (windows10-2004-x64): 1
GameAssets...P2.txt (windows10-2004-x64): 1
GameAssets...on.txt (windows10-2004-x64): 1
GameAssets/TechSP.txt (windows10-2004-x64): 1
GameAssets...ee.txt (windows10-2004-x64): 1
GameAssets...SP.txt (windows10-2004-x64): 1
GameAssets...06.txt (windows10-2004-x64): 1
GameAssets...01.txt (windows10-2004-x64): 1
InstallNet6.bat (windows10-2004-x64): 7
Lords Monitor.exe (windows10-2004-x64): 7
LordsMobileBot.exe (windows10-2004-x64): 7
MSVCP120.dll (windows10-2004-x64): 1
MSVCR120.dll (windows10-2004-x64): 1
Updater.exe (windows10-2004-x64): 1
Analysis
-
max time kernel
150s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-es -
resource tags
arch:x64 arch:x86 image:win10v2004-20231215-es locale:es-es os:windows10-2004-x64 system windows -
submitted
28-01-2024 04:27
Behavioral task
behavioral1
Sample
LordsBot-Release.zip
Resource
win10v2004-20231215-es
Behavioral task
behavioral2
Sample
GameAssets/Subscriptioneffect.txt
Resource
win10v2004-20231215-es
Behavioral task
behavioral3
Sample
GameAssets/TDCardCost.txt
Resource
win10v2004-20231215-es
Behavioral task
behavioral4
Sample
GameAssets/TDCardEffect.txt
Resource
win10v2004-20231215-es
Behavioral task
behavioral5
Sample
GameAssets/TDChapter.txt
Resource
win10v2004-20231215-es
Behavioral task
behavioral6
Sample
GameAssets/TDEnemy.txt
Resource
win10v2004-20231215-es
Behavioral task
behavioral7
Sample
GameAssets/TDHero.txt
Resource
win10v2004-20231215-es
Behavioral task
behavioral8
Sample
GameAssets/TDHeroPlaylist.txt
Resource
win10v2004-20231215-es
Behavioral task
behavioral9
Sample
GameAssets/TDStage.txt
Resource
win10v2004-20231215-es
Behavioral task
behavioral10
Sample
GameAssets/Table.crc
Resource
win10v2004-20231215-es
Behavioral task
behavioral11
Sample
GameAssets/Talent.txt
Resource
win10v2004-20231215-es
Behavioral task
behavioral12
Sample
GameAssets/TalentLv.txt
Resource
win10v2004-20231222-es
Behavioral task
behavioral13
Sample
GameAssets/TalentTree.txt
Resource
win10v2004-20231222-es
Behavioral task
behavioral14
Sample
GameAssets/Tech.txt
Resource
win10v2004-20231215-es
Behavioral task
behavioral15
Sample
GameAssets/TechKind.txt
Resource
win10v2004-20231222-es
Behavioral task
behavioral16
Sample
GameAssets/TechKindSP.txt
Resource
win10v2004-20231215-es
Behavioral task
behavioral17
Sample
GameAssets/TechKindSP2.txt
Resource
win10v2004-20231215-es
Behavioral task
behavioral18
Sample
GameAssets/TechLv.txt
Resource
win10v2004-20231215-es
Behavioral task
behavioral19
Sample
GameAssets/TechLvSP.txt
Resource
win10v2004-20231215-es
Behavioral task
behavioral20
Sample
GameAssets/TechLvSP2.txt
Resource
win10v2004-20231215-es
Behavioral task
behavioral21
Sample
GameAssets/TechRecommendation.txt
Resource
win10v2004-20231215-es
Behavioral task
behavioral22
Sample
GameAssets/TechSP.txt
Resource
win10v2004-20231215-es
Behavioral task
behavioral23
Sample
GameAssets/TechTree.txt
Resource
win10v2004-20231215-es
Behavioral task
behavioral24
Sample
GameAssets/TechTreeSP.txt
Resource
win10v2004-20231215-es
Behavioral task
behavioral25
Sample
GameAssets/TileMapEx_006.txt
Resource
win10v2004-20231222-es
Behavioral task
behavioral26
Sample
GameAssets/TileMapEx_101.txt
Resource
win10v2004-20231215-es
Behavioral task
behavioral27
Sample
InstallNet6.bat
Resource
win10v2004-20231222-es
Behavioral task
behavioral28
Sample
Lords Monitor.exe
Resource
win10v2004-20231215-es
Behavioral task
behavioral29
Sample
LordsMobileBot.exe
Resource
win10v2004-20231215-es
Behavioral task
behavioral30
Sample
MSVCP120.dll
Resource
win10v2004-20231215-es
Behavioral task
behavioral31
Sample
MSVCR120.dll
Resource
win10v2004-20231215-es
Behavioral task
behavioral32
Sample
Updater.exe
Resource
win10v2004-20231222-es
General
-
Target
LordsMobileBot.exe
-
Size
200.3MB
-
MD5
800f8861421f562b2ec25ef99ea53d7c
-
SHA1
c920b98212f27c4735dbeb1279791b490775a5d9
-
SHA256
b380bc2b932a5ed4f1899cbdfae2e04e33ad401df9109ae45bbb95192316d35d
-
SHA512
a93f6d78bb5afd127de46217cfc9a92dd2c6c0997ca4baf97cba7d4c4071c8a9069969c2b9c4ad69fa042864bf6343db6eb2a1096205abe3b05c2a3070a6467f
-
SSDEEP
6291456:sk1WAOfraPInVSWAOfraPkWAOfraPZYWAOfraP5WAOfraPeWAOfraPgP:VdP
Malware Config
Signatures
- Loads dropped DLL (1 IoCs)
  Processes: LordsMobileBot.exe
    pid: 3664, process: LordsMobileBot.exe
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  Processes: LordsMobileBot.exe
    pid: 3664, process: LordsMobileBot.exe
    pid: 3664, process: LordsMobileBot.exe
- Suspicious use of AdjustPrivilegeToken (2 IoCs)
  Processes: LordsMobileBot.exe, Updater.exe
    description: Token: SeDebugPrivilege, pid: 3664, process: LordsMobileBot.exe
    description: Token: SeDebugPrivilege, pid: 864, process: Updater.exe
- Suspicious use of SetWindowsHookEx (2 IoCs)
  Processes: LordsMobileBot.exe
    pid: 3664, process: LordsMobileBot.exe
    pid: 3664, process: LordsMobileBot.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: LordsMobileBot.exe
    description: PID 3664 wrote to memory of 864, pid: 3664, process: LordsMobileBot.exe, target process: Updater.exe
    description: PID 3664 wrote to memory of 864, pid: 3664, process: LordsMobileBot.exe, target process: Updater.exe
    description: PID 3664 wrote to memory of 864, pid: 3664, process: LordsMobileBot.exe, target process: Updater.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\LordsMobileBot.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\LordsMobileBot.exe"
  PID: 3664
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\Updater.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\Updater.exe" --no-diag
    PID: 864
    - Suspicious use of AdjustPrivilegeToken
Downloads
-
Filesize
4.3MB
MD5
21184c4444b13c67546c7acf7f6ad8e3
SHA1
806fb111900a0ec8bee1f658c6828b9e005f1111
SHA256
14f61c269509eb27083883d5e8edcf9ed14f3b62cfbfb69f4f7434d64a7fa924
SHA512
9c55f71051f7c83d8644c7eaf500a5ea887aa75886480fcb607e3540f482afde0cc11396e3c2be936bd6418ce76a752132391c97b2620927a9a694eee99380eb