General

  • Target

    hxtraloveaddedonurheartwithlotofloveandkissonurneckireallyloveyou______________sweetkissonurheartwithlotofloveiloveyousoomuch.doc

  • Size

    71KB

  • Sample

    240305-mle15acf8s

  • MD5

    26c100089e2cf5463babd1de454a67d1

  • SHA1

    6a9d052164255970ae1429fe60617f8eafd22a54

  • SHA256

    2e8debc110f5f5cd0a112ac5d77863b4148cd7c7c1fd888e17dade82b50a7458

  • SHA512

    e97c29ed4d726df4687cabfe398874d253dc34f0d5fa6be1fa34139bf7b4414832b8820dd1cc7ce26f5c85562c4fbbea360349499e8c020bd53a3cbf26474e4f

  • SSDEEP

    1536:SUTYpANIIHHpYger0agzaJ7gZRVH8fwv2:vcp0YgeL7gZRVH8fwv2

Malware Config

Targets

    • Target

      hxtraloveaddedonurheartwithlotofloveandkissonurneckireallyloveyou______________sweetkissonurheartwithlotofloveiloveyousoomuch.doc

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Lokibot

      Lokibot is a password and cryptocoin wallet stealer.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Accesses Microsoft Outlook profiles

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks