General

  • Target

    Request For Price (UKIM 2307-11MK)·pdf.exe

  • Size

    1.0MB

  • Sample

    230711-qw7qnsae2t

  • MD5

    c87053a08911a3e955800ec9459ab351

  • SHA1

    bd5a1fcb9a8976231212c8164adec3b3146b9c58

  • SHA256

    6aa0f617858116f47259be57fb9063c77652fffd2aeb11066340bf984f45d1c7

  • SHA512

    8c495f4a1330c1d9bd2586d496d655b0b9ab7c3d02f39bd4d8556f7592cd9c4099a360aea94fad3d8f213c203817dbf289191bfb58392dea93983a7d3aa5fedc

  • SSDEEP

    24576:whlXrP+f9VlvfE0ZGx2Zw1NGANvqYzNYvZvi3ZaE:GXLGblcKwJiYzuBKpD

Targets

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer.

    • Checks QEMU agent file

      Checks for the presence of the QEMU guest agent, possibly to detect virtualization.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
