General

  • Target: Lanos rewrite.zip
  • Size: 17.0MB
  • Sample: 241121-p6hzmawrbp
  • MD5: 6b59c9ce54d7e5794f7fd2eed92a1374
  • SHA1: ec42d2cc4b48de955b691ca409e2392f95a2fe6f
  • SHA256: 82d2db2c2f0b34fab402d175cda0f8cddf588a585496e6575ec4e122a59ad7dd
  • SHA512: ab6e5722d4bb56978d01979d782330a0219e0d8001ad7ed63f7de2e708bf548bb630d887f287dfa29d48595e1f07b76fa47783d418bcee9edfaeb271a115823c
  • SSDEEP: 393216:9jDN884Q2N596kGK1fcJexU5j+Upnka7uEj9MCqjA1RhAUUqe:9jDN884nj6u1f5xUc1a7uEj6ShAUUqe

Targets

    • Target: Lanos v3 rewrite/Lanos V3 Pro.exe
    • Size: 17.2MB
    • MD5: 4eb416c58bc079682214366a4e6c1de7
    • SHA1: 356807edda31e26463726ee6d6806b194416e110
    • SHA256: 52e26b0a8fde35c8ce5dede1183d5634cce4e7c2d1ab21fd722f048a7bb9c381
    • SHA512: 67f9a6fe7593c09144ffc6141c069d05699b2b5abd0f909c2247a9debc5a0c55d65f3130402a59c0481b0345c23a565aaa8ef0f2382b5d9df7ff743fe65cc0ba
    • SSDEEP: 393216:Q9YiZN63hucsXMCHWUjMcuIlvz9/P2K9Xms57wYjZ3b0o:Q9YiZA3hrsXMb8Zt9/eKEo3b0o

    Score: 7/10
    • Loads dropped DLL
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials etc.

    • Target: Lanos v3 rewrite/LanosLanguageLoader.bat
    • Size: 2KB
    • MD5: 1b32d8900e2c80f9005ecd4f11c7499f
    • SHA1: 65bee3ad153e6938ae735a3be59e7a6b495d8b83
    • SHA256: a69470aedafb18133ba2ae7f940a63a90d2a559f101511cc3864e51209fda775
    • SHA512: 99522b53b0cdb0cf39623fdafac0987757f327eb3bb51bec84de7b55588cf23ea2af08d0f538887bec01452d6b714952cdca910fc50642a6dcc7f69bd51c3f46

    Score: 8/10
    • Blocklisted process makes network request
    • Command and Scripting Interpreter: PowerShell
      PowerShell Invoke-WebRequest.
    • Loads dropped DLL
    • Enumerates connected drives
      Attempts to read the root path of hard drives other than the default C: drive.

    • Target: Lanos v3 rewrite/Modules/CookieCheck.js
    • Size: 961B
    • MD5: a0691700dc1a2af1094e5c5c74cf12d4
    • SHA1: 705e80369b6b6eeb590851ff982ac34ff9824dc0
    • SHA256: 7b97cf3eaa71617b140a24168ca57577298cc7e5828d7439fec146f8be7ef0d8
    • SHA512: cc3ca1d921a5dfaecfb781d97fe7d4791eeb2b2d6fa9d6d167a7185556e5f99649b318d947856d1ca4e13e1ec682d157753d569abcde3254f154ea90fe19b9f9

    Score: 3/10
    • Target: Lanos v3 rewrite/Modules/DefAnim.mjs
    • Size: 56KB
    • MD5: f39120ca193c3848617f6bef43e63341
    • SHA1: 87be91a4af52b5a51bbb05abf911aa14e7c2b8a3
    • SHA256: f3bfb516067fb60756bfd7c58286ef1cf9301b3e24a3f01a54e779e3d02df662
    • SHA512: e0b12ed7e150e610dd7a103c05eb815c85ae88fe52df4ebc7217253fa3e8091b63c6ef07972fdacd643af4ea68831b5001d06df08ef5b431d4a3a0107168359a
    • SSDEEP: 768:UDnCsTBtlivsywcBxfJ0VPTW+r8JmwQvIDLEqySE7qOOwZ9ROwbaaViVB/b1EXAJ:UDw3Zr1wxAO3Pj0

    Score: 3/10
    • Target: Lanos v3 rewrite/Modules/DefScript.mjs
    • Size: 63KB
    • MD5: 3dec9afebae7d2eb7408a649b5bee40c
    • SHA1: 446148de8cf7c2319c4cb9aee98614d34a660191
    • SHA256: 9c0d098a9eb269a92c8ad0f1b226b2a98fa5de5b99b8b2219ee30938926f3d63
    • SHA512: 438ea2d3201c1f46b66fb2795f0f9dff22bdda3f840b3587270348753822a85775b5638aab9f17cedf7c1d76691c15f76dd507de33788e3c78bfc07f69aba0cb
    • SSDEEP: 768:t11CbmREEp2I5nMbcPOPVxh01ZPfvtmIhIWZM506RSRMTx5KmISKUDMgp2mwVd34:t1A0hpJQwAnsJ/DrhUNuCVuIC/Ur

    Score: 3/10
    • Target: Lanos v3 rewrite/Modules/Functions/Anim.py
    • Size: 1KB
    • MD5: c9745e792c7335ffbfe9cba6160d402c
    • SHA1: 8fc74486270dda68d0992850e7e468cbbea59849
    • SHA256: a7b5e481b5b14ff095e90a204b5ad285c05714b2e4b7d0a45214b27a2c32f1e0
    • SHA512: 7aace61f52e3fad663eb67b76591851ec7854986d9ec46bf3899e569e86445b9085294277eff79a1e164d9fdccc090f1fd366c8da5b20a05005962eb95a01eb7

    Score: 3/10
    • Target: Lanos v3 rewrite/Modules/Functions/Script.py
    • Size: 1KB
    • MD5: 21bb0b63e2534931f1d427ef2bb08b2f
    • SHA1: fba78b9def5023ae7409c01dea4891a56d084981
    • SHA256: 562bd8215878cb2c27f5f25a8b4884251455bfa3ae2050f73648137ea30b33c0
    • SHA512: 76c85f6db3c65a560dcc3e66224cbcba80dac3c77407e007666dec63bd882edfe43b42dc94b5ca084aa293c8e86ec39a7c1df62de970bc9077660f91778a3caf

    Score: 3/10
    • Target: Lanos v3 rewrite/Modules/Node/Modules.bat
    • Size: 750B
    • MD5: b4b51a8bd9a3e644fbec1983a0a31b95
    • SHA1: 8c265764affd6d19c2af2ee2bca2d7ec3aa54ade
    • SHA256: e076497a897535b79e366ec0e327e65ba71af4734f90522b01cd4c66bbd9055d
    • SHA512: 9f9ae1d7d1f7f14538c333e80f39f36fa90ec86eed64b4df964cf7e6d8af9e180adc2fa06cb01510d734bc58338979d4f5bdfea42a9922c0b96def6a4a91e507

    Score: 1/10
