General
-
Target
Request for Quote (Waseda University) 05- 09-2022.exe
-
Size
558KB
-
Sample
221003-f7s2jsbbdr
-
MD5
a1e9139a63b33375b3c2ab70b8fed769
-
SHA1
da835d5d7ca257b776a8616b365e41084724771c
-
SHA256
60e1a6a93ad368ac92dd0f02f2416e1a0eb5cd3d441a2df8704225bd94fbaad2
-
SHA512
43b9e35aa0713ec56876f7bca3e7af9c0a7828b0b6867ea15b609aeed7445501d9546b8ae2908c736b55dbc790dd651e0709de33bd70d4c2b226a69b4afe0a3a
-
SSDEEP
12288:40SKoJ47FnSzRDnhfbrf+rwr5Do1Q3buie+Dhhr0ZTPHnIDqmhQmuH:lLocFnS1Dnhf2k1JfeeXr0ZHIFK
Malware Config
Targets
-
-
Target
Request for Quote (Waseda University) 05- 09-2022.exe
-
Size
558KB
-
MD5
a1e9139a63b33375b3c2ab70b8fed769
-
SHA1
da835d5d7ca257b776a8616b365e41084724771c
-
SHA256
60e1a6a93ad368ac92dd0f02f2416e1a0eb5cd3d441a2df8704225bd94fbaad2
-
SHA512
43b9e35aa0713ec56876f7bca3e7af9c0a7828b0b6867ea15b609aeed7445501d9546b8ae2908c736b55dbc790dd651e0709de33bd70d4c2b226a69b4afe0a3a
-
SSDEEP
12288:40SKoJ47FnSzRDnhfbrf+rwr5Do1Q3buie+Dhhr0ZTPHnIDqmhQmuH:lLocFnS1Dnhf2k1JfeeXr0ZHIFK
Score10/10-
Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-