guloader | 19b6b6474d7c1f9b4dceac97c5e04973c2c6a9f0fa5db557aac4c2822251ffe8 | Triage

Submit
Reports

Overview

overview

Static

static

SecuriteIn...59.exe

windows7-x64

SecuriteIn...59.exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

Target

SecuriteInfo.com.Mal.Generic-S.31559.exe
Size

405KB
Sample

220914-jn9rqsdchk
MD5

ec9b172ab41e8140d3f4410d391a5cf2
SHA1

3f233527ae66b9f8ba1541b6111ec740fb64894a
SHA256

19b6b6474d7c1f9b4dceac97c5e04973c2c6a9f0fa5db557aac4c2822251ffe8
SHA512

44fc91192aa9bb6f007bb68beb1555c40c7014683c7992fb74ec095be0bc5232fa19904f7bd500dbe3a7b16c218e9ebd7eaafea3dfaaf1699dc086796a8ff3b0
SSDEEP

6144:EEh9vQptxn/AcN4nSVzhYCk1QNvy+guHJsw/KhCd8bA6+JEo9TWMrGg:ERfTiSzM+5pEAKbA6IE0/p

Score

10^/10

guloader lokibot collection downloader spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

SecuriteInfo.com.Mal.Generic-S.31559.exe

Resource

win7-20220812-en

guloader lokibot collection downloader spyware stealer trojan

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

SecuriteInfo.com.Mal.Generic-S.31559.exe

Resource

win10v2004-20220901-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  SecuriteInfo.com.Mal.Generic-S.31559.exe
- Size
  
  405KB
- MD5
  
  ec9b172ab41e8140d3f4410d391a5cf2
- SHA1
  
  3f233527ae66b9f8ba1541b6111ec740fb64894a
- SHA256
  
  19b6b6474d7c1f9b4dceac97c5e04973c2c6a9f0fa5db557aac4c2822251ffe8
- SHA512
  
  44fc91192aa9bb6f007bb68beb1555c40c7014683c7992fb74ec095be0bc5232fa19904f7bd500dbe3a7b16c218e9ebd7eaafea3dfaaf1699dc086796a8ff3b0
- SSDEEP
  
  6144:EEh9vQptxn/AcN4nSVzhYCk1QNvy+guHJsw/KhCd8bA6+JEo9TWMrGg:ERfTiSzM+5pEAKbA6IE0/p
Score

10^/10

guloader lokibot collection downloader spyware stealer trojan
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderlokibotcollectiondownloaderspywarestealertrojan

behavioral2

© 2018-2025

Terms | Privacy