Overview

overview

10

Static

static

10

LBLeak/Build.bat

windows11-21h2-x64

3

LBLeak/builder.exe

windows11-21h2-x64

3

LBLeak/config.json

windows11-21h2-x64

3

LBLeak/keygen.exe

windows11-21h2-x64

3

Analysis

  • max time kernel
    16s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    03-09-2024 17:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    LBLeak/Build.bat

  • Size

    741B

  • MD5

    4e46e28b2e61643f6af70a8b19e5cb1f

  • SHA1

    804a1d0c4a280b18e778e4b97f85562fa6d5a4e6

  • SHA256

    8e83a1727696ced618289f79674b97305d88beeeabf46bd25fc77ac53c1ae339

  • SHA512

    009b17b515ff0ea612e54d8751eef07f1e2b54db07e6cd69a95e7adf775f3c79a0ea91bff2fe593f2314807fdc00c75d80f1807b7dbe90f0fcf94607e675047b

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 21 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\LBLeak\Build.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4608
    • C:\Users\Admin\AppData\Local\Temp\LBLeak\keygen.exe
      keygen -path C:\Users\Admin\AppData\Local\Temp\LBLeak\Build -pubkey pub.key -privkey priv.key
      2⤵
      • System Location Discovery: System Language Discovery
      PID:1248
    • C:\Users\Admin\AppData\Local\Temp\LBLeak\builder.exe
      builder -type dec -privkey C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\priv.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\LB3Decryptor.exe
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2960
    • C:\Users\Admin\AppData\Local\Temp\LBLeak\builder.exe
      builder -type enc -exe -pubkey C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\LB3.exe
      2⤵
      • System Location Discovery: System Language Discovery
      PID:3560
    • C:\Users\Admin\AppData\Local\Temp\LBLeak\builder.exe
      builder -type enc -exe -pass -pubkey C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\LB3_pass.exe
      2⤵
      • System Location Discovery: System Language Discovery
      PID:3460
    • C:\Users\Admin\AppData\Local\Temp\LBLeak\builder.exe
      builder -type enc -dll -pubkey C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\LB3_Rundll32.dll
      2⤵
      • System Location Discovery: System Language Discovery
      PID:4088
    • C:\Users\Admin\AppData\Local\Temp\LBLeak\builder.exe
      builder -type enc -dll -pass -pubkey C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\LB3_Rundll32_pass.dll
      2⤵
      • System Location Discovery: System Language Discovery
      PID:572
    • C:\Users\Admin\AppData\Local\Temp\LBLeak\builder.exe
      builder -type enc -ref -pubkey C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\pub.key -config config.json -ofile C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\LB3_ReflectiveDll_DllMain.dll
      2⤵
      • System Location Discovery: System Language Discovery
      PID:3596
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:4720

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\priv.key
      Filesize

      344B

      MD5

      876bb78260ef7e75c35388028e6564f2

      SHA1

      14c3b2f58d7b2a1378be121bce78e9f2f92920ff

      SHA256

      8d0a68814d8c4ed4ba485dc3295396f8e33414d3da5ab33062c6329bb0d6f5ba

      SHA512

      ca17bad96c4fa52b110de5429df4f786696fc94b11df17a29e2bf1033e4a64ce16790e2b3077b850e1e91f9b5a2a80d2081c67b579adce885b15d93eb6f1f934

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\LBLeak\Build\pub.key
      Filesize

      344B

      MD5

      cfdae327b3c974e5f5cacb1a2ee40b4c

      SHA1

      91f2a8e8c0003e59d976fc856b9bb59674ddcdef

      SHA256

      8f8defc48f875a6e34f60ce2f84ec4b390f9673331f71f211702a5cc21ed87f9

      SHA512

      2e4378eed9eeaab115e4898d9169b50f49514773bffeb309b8ff7f0ca03b4c3f6084d25ccc40ede44199edb3679d3669a8ae927ebdf0fa1de004794123290a3b

      Download Submit