guloader | 1568c3ddabfc2adeb3ebcb101e5b1c2d15c9d3d243276f75d0cb0e360c17c3e0 | Triage

Submit
Reports

Overview

overview

Static

static

Request fo...22.exe

windows10-1703-x64

Sharing

Copy URL Twitter E-mail

General

Target

20220907_090257_lhjxkyq-VdM4vmk3fPXDH1nxYWsLCQKF.eml
Size

965KB
Sample

220907-nsd8vabhg4
MD5

92d29e662736332968c5f51b84c215c5
SHA1

3734120030d0255bf56e4db69c2b72341115e68f
SHA256

1568c3ddabfc2adeb3ebcb101e5b1c2d15c9d3d243276f75d0cb0e360c17c3e0
SHA512

9873da3d068dfa3ccf416fbe16b16ae64135d6a5ca39da549b43c95041259a12075e6e17b784ba83923cd1e0fd6a58d839d66e90f22e0b7156a5cc194742c530
SSDEEP

24576:i5nsbAaQn1Fq1usY6mw9GQKLUQmbDeqAVcML:xDOwe9

Score

10^/10

guloader lokibot collection discovery downloader spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Request for Quote (Waseda University) 07- 09-2022.exe

Resource

win10-20220812-en

guloader lokibot collection discovery downloader spyware stealer trojan

windows10-1703-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  Request for Quote (Waseda University) 07- 09-2022.exe
- Size
  
  346KB
- MD5
  
  d12d4496e0c394e323d868eaacee34c0
- SHA1
  
  58e7b6580dea94b97c941bb9db2aec0e4c286671
- SHA256
  
  28f818c30c5454354433cae559cc16ca5430dc9fde6776a4e252e99d8f39c370
- SHA512
  
  5713b7db874e5bfd23b218c571ecacb72de14218a2e3b1dc26bbe39df4fd3698d7b851089aca707ba0eb3877449d72224f4a096cdfb5f4169cbee2db117b97f6
- SSDEEP
  
  6144:6/c/43AbmhXUQirdrt9ENYoTvGfKPGneuxIuwsHdVmkGgSrcVEUoI:6R37XUTrdp9SYYOfKeneuS3sXNGgMczN
Score

10^/10

guloader lokibot collection discovery downloader spyware stealer trojan
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderlokibotcollectiondiscoverydownloaderspywarestealertrojan

© 2018-2025

Terms | Privacy