General

  • Target

    Y2Q0MzM1.exe

  • Size

    396KB

  • Sample

    230523-t8xm1sgb97

  • MD5

    fa36b30bb100a9a8e1f6f5054f6762d1

  • SHA1

    75d6a757fe78c96174f375b88fdc7c365da23771

  • SHA256

    7452b5e1aa5ea4fede44327fe843fe683bcd65ad31872c4eac344182f91c5a37

  • SHA512

    588c588b86575d1ace4fe691556032c2b123184bf967808a6f78b9cc0744cf55b1ce64f5c0d3a96abce87d488e3fa547bd1b0cc057899d31aed5f1d21c5048af

  • SSDEEP

    6144:J1ssjxiiM/u6amdHVqivOOwW2uovZl1eOg4Dkg7CtEppnSp+jbMVMY55tUxPwJ:8sKVtmO84Z4Dj/DnvbMVMeuoJ

Malware Config

Targets

    • Target

      Y2Q0MzM1.exe

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer.

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Accesses Microsoft Outlook profiles

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks