General

  • Target

    Richiesta Preventivo (ISGB) 7788EU - 0605ITA·pdf.exe

  • Size

    1.0MB

  • Sample

    230711-lh723ahb9y

  • MD5

    790f3266b308066cd14f9900329e6f0c

  • SHA1

    7a9aa50d276c7f8b616d1c0b5bf8fe3d9328d0fa

  • SHA256

    b2d2f116713950b0742c2cb384c0377ac414be769d317f9e246ecb66730c889d

  • SHA512

    ce45fd69dfdda994b563a4bc946bdee94dbc3a27d8909ef32fb44a5c3aa0f08af72d0daafd4adb14474918ff23a2c721b0b4a9a915c1a701ded69565f607bb44

  • SSDEEP

    24576:whlXrm7zYFdAlYobCNtwc9Vr+iUriIVP1PRXplA77RRW6:GXi7MAlYlNWcqNriIVP1PRXpwrW6

Targets

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer.

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6