Linux/LuaBot

ner0x652 · Post by **ner0x652** » Wed Sep 07, 2016 7:22 am

"Malware Must Die" released a great analysis on a new Linux bot, written in Lua.

http://blog.malwaremustdie.org/2016/09/ ... uabot.html

Post by **Xylitol** » Wed Sep 07, 2016 8:08 am

In attachment
https://www.virustotal.com/en/file/e1f6 ... 473235583/
https://www.virustotal.com/en/file/0206 ... 473235583/

Ludvig · Post by **Ludvig** » Fri Sep 16, 2016 3:12 pm

i unpacked lua script.

sign gzip )

Code: Select all

.00102018:  1F 8B 08 00-4E BD AC 57-00 03 AC 3C-6B 73 E3 46

Post by **Xylitol** » Sun Sep 18, 2016 11:36 pm

LuaBot: Malware targeting cable modems ~ https://w00tsec.blogspot.com/2016/09/lu ... odems.html

XHR · Post by **XHR** » Sat May 19, 2018 10:35 am

This bot has evolved a lot since, does anyone have a fresh samples?

Report: https://vms.drweb.com/virus/?_is=2&i=15330288
Sandbox: https://detux.org/report.php?sha256=948 ... aa60c1f345

Post by **Xylitol** » Sun May 20, 2018 5:50 pm

Files from dr.web article you mentioned

XHR · Post by **XHR** » Sat Jun 23, 2018 11:22 pm

Thank you very much Xylitol, any chance to obtain these samples?

Code: Select all

5deb17c660de9d449675ab32048756ed
c867d00e4ed65a4ae91ee65ee00271c7
4b8c0ec8b36c6bf679b3afcc6f54442a
889100a188a42369fd93e7010f7c654b
061b03f8911c41ad18f417223840bce0

Post by **Xylitol** » Sun Jun 24, 2018 1:01 am

voila

KernelMode.info

Linux/LuaBot

Linux/LuaBot

Re: Linux/LuaBot

Re: Linux/LuaBot

Re: Linux/LuaBot

Re: Linux/LuaBot

Re: Linux/LuaBot

Re: Linux/LuaBot

Re: Linux/LuaBot