Resubmissions

13/07/2023, 14:04

230713-rc9llaha43 10

11/07/2023, 09:58

230711-lzhthagb62 10

General

  • Target

    Richiesta Preventivo (ISGB) 7788EU - 0605ITA·pdf.zip

  • Size

    990KB

  • Sample

    230711-lzhthagb62

  • MD5

    22996c71418e4268c9000d277567ef3a

  • SHA1

    97411ef809700e5115825f7cd5043472b156bd46

  • SHA256

    f10f3adda4426ff71c0fbcb9f3ccdd0d46733e3661921d0048435bc9788c93f0

  • SHA512

    8041c5015d7eecb0bdbc571bebb9e435fb4632767aee734e87b8619d0d26021e3ae39cde1b01298c5c89cb14d8f73887642904ae092e9a89c6e9b9dd5158ff5c

  • SSDEEP

    24576:7lOm46ZbdmZYobCNxwU9vrgiYHiMVP1xRXV5aJpRRWc:70m9ZQZYlNaUqnHiMVP1xRXVgdWc

Malware Config

Targets

    • Target

      Richiesta Preventivo (ISGB) 7788EU - 0605ITA·pdf.exe

    • Size

      1.0MB

    • MD5

      790f3266b308066cd14f9900329e6f0c

    • SHA1

      7a9aa50d276c7f8b616d1c0b5bf8fe3d9328d0fa

    • SHA256

      b2d2f116713950b0742c2cb384c0377ac414be769d317f9e246ecb66730c889d

    • SHA512

      ce45fd69dfdda994b563a4bc946bdee94dbc3a27d8909ef32fb44a5c3aa0f08af72d0daafd4adb14474918ff23a2c721b0b4a9a915c1a701ded69565f607bb44

    • SSDEEP

      24576:whlXrm7zYFdAlYobCNtwc9Vr+iUriIVP1PRXplA77RRW6:GXi7MAlYlNWcqNriIVP1PRXpwrW6

    • Guloader,Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer.

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks