General

  • Target

    Prijsaanvraag (Katholieke Universiteit Leuven.exe

  • Size

    1.0MB

  • Sample

    230711-m7d1yshg4y

  • MD5

    7389d3580fb8d4bf8d21ec144ec99144

  • SHA1

    8bc1983966bbc451d7d04ab020f8299d95a7e6be

  • SHA256

    20e13716e48ab9be1a201a88710b02e278d334115682015034b0b600bfb460af

  • SHA512

    96800376bfc14ef25d48c2f59013cf33bb07f5696f9a62552c19faea9c2730245dd1ee72cfa841c1f211510fb8de1c391916fa36c4f780659ec27d961217d798

  • SSDEEP

    24576:whlXrLFCLUmL3JncseaE39r7Xb35Kcy2nBJ4tPLoCfo7UW:GXvFCf6slEN7HFoLU7UW
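As an added example (this is not part of the sandbox report, and the sweep logic is the editor's, not the sandbox's), the script below turns the hashes above into a hunting check: it walks a directory, hashes every file with the four algorithms the report lists, and flags exact matches. It also parses the SSDEEP signature into its block size and two chunk hashes so that a candidate fuzzy hash can be pre-checked for comparability; ssdeep only scores two signatures whose block sizes are equal or differ by exactly a factor of two, so a candidate with block size 6144 can never match this sample regardless of content. Fuzzy scoring itself would need the `ssdeep` extension module and is left out. The directory path and the "benign" sample bytes are placeholders.

```python
"""IOC sweep against the hashes listed in the report above (added example)."""
import hashlib
import os
from typing import Dict, Iterator, List, Tuple

# Hashes copied verbatim from the "General" section of the report.
REPORT_IOCS = {
    "md5": "7389d3580fb8d4bf8d21ec144ec99144",
    "sha1": "8bc1983966bbc451d7d04ab020f8299d95a7e6be",
    "sha256": "20e13716e48ab9be1a201a88710b02e278d334115682015034b0b600bfb460af",
    "sha512": "96800376bfc14ef25d48c2f59013cf33bb07f5696f9a62552c19faea9c2730245dd1ee72cfa841c1f211510fb8de1c391916fa36c4f780659ec27d961217d798",
}
REPORT_SSDEEP = "24576:whlXrLFCLUmL3JncseaE39r7Xb35Kcy2nBJ4tPLoCfo7UW:GXvFCf6slEN7HFoLU7UW"


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Lowercase hex digests of data for the four algorithms in the report."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORT_IOCS}


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Hash a file incrementally so large samples need not fit in memory."""
    hashers = {algo: hashlib.new(algo) for algo in REPORT_IOCS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def matching_algorithms(digests: Dict[str, str]) -> List[str]:
    """Names of the algorithms whose digest equals the report's value.

    A genuine hit matches all four. A match on only one algorithm means a
    collision or a transcription error in the IOC and deserves a closer look.
    """
    return [a for a, v in digests.items() if v.lower() == REPORT_IOCS[a]]


def sweep(root: str) -> Iterator[Tuple[str, List[str]]]:
    """Yield (path, matched_algorithms) for every file under root that matches."""
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                matched = matching_algorithms(hash_file(path))
            except OSError:
                continue  # locked or unreadable file; skip rather than abort the sweep
            if matched:
                yield path, matched


def parse_ssdeep(signature: str) -> Tuple[int, str, str]:
    """Split an ssdeep signature 'blocksize:hash1:hash2' into its parts.

    hash1 is computed with the stated block size and hash2 with twice that
    size, which is what lets ssdeep compare files of neighbouring sizes.
    """
    block_size, h1, h2 = signature.split(":", 2)
    return int(block_size), h1, h2


def ssdeep_comparable(sig_a: str, sig_b: str) -> bool:
    """True if ssdeep's compare would score these two signatures at all.

    fuzzy_compare() returns 0 without inspecting the hashes unless the block
    sizes are equal or one is exactly twice the other.
    """
    bs_a = parse_ssdeep(sig_a)[0]
    bs_b = parse_ssdeep(sig_b)[0]
    return bs_a == bs_b or bs_a == 2 * bs_b or bs_b == 2 * bs_a


if __name__ == "__main__":
    import sys

    # Placeholder: sweep the directory given on the command line, else cwd.
    for hit, algos in sweep(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"MATCH {hit} ({', '.join(algos)})")
```

Run it against a mail-attachment quarantine or a file share to find further copies of the sample; a hit that matches fewer than four algorithms should be treated as an IOC transcription error rather than a partial match.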

Targets

    • Target

      Prijsaanvraag (Katholieke Universiteit Leuven.exe


    • Guloader,Cloudeye

      GuLoader (also tracked as CloudEyE) is a shellcode-based downloader first seen in 2020. It acts as a first stage that fetches and decrypts a final payload; the Lokibot detection on the same target is consistent with it serving as the loader here.

    • Lokibot

      Lokibot is an information stealer that harvests stored passwords and cryptocurrency wallet data.

    • Checks QEMU agent file

      Checks for the presence of the QEMU guest agent file, most likely to detect that it is running in a virtual machine and evade sandbox analysis.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers routinely read stored browser profile data, which can include saved credentials and session cookies.

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Enumerates the Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to list installed software; malware often does this to spot analysis tools or VM guest software.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

      Creates a thread with the THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER flag so that its debug events are never delivered to an attached debugger; an anti-debugging technique.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calls NtSetInformationThread with the ThreadHideFromDebugger information class, which stops the calling thread from reporting debug events; a common anti-analysis trick.

    • Suspicious use of SetThreadContext

      Rewrites a thread's register context to redirect its execution, typically as part of process hollowing or another code-injection technique.
