Overview

overview

10

Static

static

3

55533764f7...e5.exe

windows7-x64

10

55533764f7...e5.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2d6a63d1f864741c1c4d8515446ed037.bin

  • Size

    365KB

  • Sample

    230605-mqe7page31

  • MD5

    9c58c1cee270176923c27edc4d283019

  • SHA1

    8c10a92056109b18b94456755cffcaf6a0bbc8c6

  • SHA256

    624421b598fee6a752e2652267ea5de5073cd5e3335fca79159c2c24b83896ee

  • SHA512

    573675761aeb53de4ad070091f38aaa393af005f99b5bdca97c0e7fe836614342f0b84f47e273302ad1ccd08c20f53cc2713dc765e34af391f638790818bcfe3

  • SSDEEP

    6144:it0fcz0AEgU+JlDVLpONYyALyj82CBF59owbMuv4OLkwDklEbrjGMF:LvzDEONrCyY2CBz9oFuvN9fnJ

Score
10/10
guloaderlokibotcollectiondownloaderspywarestealertrojan

Malware Config

Targets

    • Target

      55533764f70c4e81f7d8fa92ce1fdd8b6430768d4d224aed6b4694d217bfb0e5.exe

    • Size

      482KB

    • MD5

      2d6a63d1f864741c1c4d8515446ed037

    • SHA1

      00ffca47055abbeb9ffb0f3ef1071a4a496a415b

    • SHA256

      55533764f70c4e81f7d8fa92ce1fdd8b6430768d4d224aed6b4694d217bfb0e5

    • SHA512

      9f3c2f59145ec86b6302b00945ad6d83d275283e8527b052b32aba5c68abcee3cb0b4a93bf84fe7be4185b481abeb351c554b64ea59250f05b7561408b584fe3

    • SSDEEP

      12288:72iEEEEEEUEEEEEEE0EEEEEEEYT/kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkq:7ngTcN+kLuBhDZbJ3PmaO4

    Score
    10/10
    guloaderlokibotcollectiondownloaderspywarestealertrojan

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Accesses Microsoft Outlook profiles

      collection

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks