MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5de7148d727fec09a0597b5f64cf1719968372a21c6ded90c51cae3f42b4c26d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Lu0Bot

Vendor detections: 8

SHA256 hash: 5de7148d727fec09a0597b5f64cf1719968372a21c6ded90c51cae3f42b4c26d
SHA3-384 hash: 842ee4b0c8e4b6d83cfcbc60263ebde4a13582f5abda93bc3997ce27aa969456d161557cbddb5866457d85fe6ef86edb
SHA1 hash: e8ff4bba2d4213566c2a8cb0f5da96c339a1e022
MD5 hash: d0d3a7c95eb711d275f029253458c323
humanhash: snake-leopard-sixteen-bakerloo
File name: usfive_20211231-060231
Signature: Lu0Bot
File size: 2'560 bytes
First seen: 2021-12-31 11:30:53 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f97df3d5a90de804311f27d80db8f6d0 (2 x Lu0Bot)
ssdeep: 24:etGSB8Ci0ZCP2/T0J6gP1w+69CdsJn3X6wCyHWoYpUCkaxFYZc5tYamaGnpFp2P6:6V7M+/+un2w75Y2aHtYx1pFpupqJ/B
Threatray: 450 similar samples on MalwareBazaar
TLSH: T1B751B83FA5040EB1D00B843D0D424B14FB77A17295FA42910F4314D75E78D99687CB2B
Reporter: benkow_
Tags: exe Lu0Bot

Intelligence

File Origin
# of uploads: 1
# of downloads: 333
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: usfive_20211231-060231
Verdict: Suspicious activity
Analysis date: 2021-12-31 11:33:39 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Result
Verdict: Clean
Maliciousness:

Behaviour
Launching a process
Creating a process with a hidden window
Creating a window
Creating synchronization primitives
DNS request
Sending an HTTP GET request
Searching for the window
Result
Malware family: n/a
Score: 7/10
Tags: n/a
Behaviour
MalwareBazaar
CallWinExec
SystemUptime
EvasionGetTickCount
Result
Verdict: SUSPICIOUS
Details
Windows PE Executable: Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Detection: malicious
Classification: spyw.evad
Score: 68 / 100
Signature
Downloads files via mshta.exe (likely to bypass HIPS)
Multi AV Scanner detection for submitted file
Sigma detected: Mshta JavaScript Execution
Sigma detected: Suspicious MSHTA Process Patterns
Yara detected Lu0Bot
Behaviour: behavior graph (image not reproduced in this text extract)
Threat name: Win32.Trojan.AgentAGen
Status: Malicious
First seen: 2021-12-31 11:31:08 UTC
File Type: PE (Exe)
AV detection: 10 of 27 (37.04%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour
Script User-Agent
Suspicious use of WriteProcessMemory
Blocklisted process makes network request
Unpacked files
SHA256 hash: 5de7148d727fec09a0597b5f64cf1719968372a21c6ded90c51cae3f42b4c26d
MD5 hash: d0d3a7c95eb711d275f029253458c323
SHA1 hash: e8ff4bba2d4213566c2a8cb0f5da96c339a1e022
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Dropped by: GCleaner