General

  • Target

    Solicite una cotización (Universidad Tecnológica de Panamá)·pdf.exe

  • Size

    1.0MB

  • Sample

    230712-g8c76adb9t

  • MD5

    258162345507f55811d16b899eb6382f

  • SHA1

    8cf6bc1c7b73716ea5374f4514cdebc18cc5e532

  • SHA256

    cbad9ba64b1f3db537ea7d230e8d791a7d43308fb68b73989100517b157bf6b2

  • SHA512

    47f4ec51f5a36060c06daa413dfc502443fead7056875ff729f47809c9f7dcd5854fb389a1d40907fe0473635673241b91a707f1225bd6b075a7ba012204aaeb

  • SSDEEP

    24576:whlXrPNEwin9T0yZgC50xx0Fcge8QIuWz69vHQGRmr12:GXLNEwin9I9x0sPIuWz6BMY

Targets

    • Target

      Solicite una cotización (Universidad Tecnológica de Panamá)·pdf.exe

    • GuLoader, CloudEye

      A shellcode-based downloader first seen in 2020, used to fetch and run a second-stage payload.

    • LokiBot

      LokiBot is a password and cryptocurrency wallet stealer.

    • Checks QEMU agent file

      Checks for the presence of the QEMU guest agent (qemu-ga) on disk, most likely to detect that it is running inside a virtual machine or sandbox.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser profile data, which can include saved credentials, cookies and session tokens.

    • Accesses Microsoft Outlook profiles

      Reads the Outlook profile data stored in the registry, where saved mail account settings and credentials can be found.

    • Checks installed software on the system

      Enumerates the subkeys of the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to list the software installed on the system; stealers also use this to spot analysis tools and security products.

    • Legitimate hosting services abused for malware hosting/C2

      Network activity goes to a legitimate hosting or cloud service used for payload delivery or command and control, which blends in with normal outbound traffic and is rarely blocked by reputation alone.

    • Suspicious use of NtCreateThreadExHideFromDebugger

      Creates a thread with the hide-from-debugger flag so that an attached debugger receives no events for it.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calls NtSetInformationThread with the ThreadHideFromDebugger class on an existing thread, with the same effect: the thread runs invisibly to a debugger.

    • Suspicious use of SetThreadContext

      Rewrites the register state of a (usually suspended) thread, the step that redirects execution into injected code in process hollowing and similar injection techniques.
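The behaviours flagged above are individually common on a clean host (Explorer reads the Uninstall key, Chrome opens its own Login Data) and only become interesting when one process stacks several of them. The script below is an added example of that stacking logic run over constructed Sysmon-style events; it is not code from the sandbox or from the report. The event shape (pid, type, target) and the artefact paths it matches (the default qemu-ga install path, Chrome's Login Data, the Outlook Profiles and Uninstall registry keys) are assumptions about a typical Windows host, not values observed from this sample, and the events themselves are constructed.

```python
"""Behavioural triage of Sysmon-style events against the signatures above.

Added example, not code from the Triage report or the sandbox. Event shape
and artefact paths are assumptions about a typical Windows host; the events
below are constructed, not taken from the sample.
"""
import re
from collections import defaultdict

# One rule per behaviour the report flags: (event type, path/API pattern).
# Paths are assumed default locations, not observed values.
RULES = {
    "qemu_agent_check": ("FileRead", re.compile(r"\\qemu-ga\\qemu-ga\.exe$", re.I)),
    "browser_profile_read": ("FileRead", re.compile(r"\\(Login Data|logins\.json|Web Data)$", re.I)),
    "outlook_profile_access": ("RegQuery", re.compile(r"\\Outlook\\Profiles\\", re.I)),
    "installed_software_enum": ("RegQuery", re.compile(r"\\CurrentVersion\\Uninstall\\", re.I)),
    "hide_from_debugger": ("ApiCall", re.compile(r"^Nt(CreateThreadEx|SetInformationThread)\(.*Hide_?From_?Debugger", re.I)),
    "set_thread_context": ("ApiCall", re.compile(r"^SetThreadContext\(", re.I)),
}


def match_rules(event):
    """Names of the rules whose event type and pattern both match one event."""
    return {
        name
        for name, (etype, pattern) in RULES.items()
        if event["type"] == etype and pattern.search(event["target"])
    }


def score_events(events):
    """Collect the distinct rule names tripped per pid; pids with no hits are dropped."""
    hits = defaultdict(set)
    for ev in events:
        hits[ev["pid"]] |= match_rules(ev)
    return {pid: names for pid, names in hits.items() if names}


def suspicious(events, min_rules=3):
    """pids that trip at least min_rules distinct behaviours.

    One behaviour on its own is normal host activity; the stacked
    combination seen in the report is what this threshold isolates.
    """
    return sorted(pid for pid, names in score_events(events).items() if len(names) >= min_rules)


# Constructed events. pid 4120 stands in for the lure executable; 1234 and
# 2222 are benign processes that each touch one of the same artefacts.
SAMPLE_EVENTS = [
    {"pid": 4120, "type": "FileRead", "target": r"C:\Program Files\Qemu-ga\qemu-ga.exe"},
    {"pid": 4120, "type": "ApiCall", "target": "NtSetInformationThread(ThreadHideFromDebugger)"},
    {"pid": 4120, "type": "ApiCall", "target": "NtCreateThreadEx(THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER)"},
    {"pid": 4120, "type": "ApiCall", "target": "SetThreadContext(hThread=0x2a4)"},
    {"pid": 4120, "type": "RegQuery", "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"pid": 4120, "type": "RegQuery", "target": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"},
    {"pid": 4120, "type": "FileRead", "target": r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 1234, "type": "RegQuery", "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"pid": 2222, "type": "FileRead", "target": r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
]

if __name__ == "__main__":
    for pid, names in sorted(score_events(SAMPLE_EVENTS).items()):
        print(pid, sorted(names))
    print("suspicious:", suspicious(SAMPLE_EVENTS))
```

The threshold is deliberately on distinct behaviours rather than event counts, so a process that hammers the Uninstall key a thousand times still scores one; tune `min_rules` and the patterns to the telemetry you actually collect.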
