General

  • Target

    4abdae9b05fb343406136ff0cf863e8f403dc294578f111a746b125d59c5c91b.exe

  • Size

    953KB

  • Sample

    240322-c2bzashe6x

  • MD5

    971bdb03f3caf8bb34464d3629c6fd5a

  • SHA1

    2c28ace22924960730814e5a787ffcadde187278

  • SHA256

    4abdae9b05fb343406136ff0cf863e8f403dc294578f111a746b125d59c5c91b

  • SHA512

    6e160db5481a91b18bfee7ecdd7a1a18150072f5c518b351c6ffa36f2b176ee46318e61c42b58e00278dc926446e5b040aa85e42ab610faf9bd8822d7bc4bcd2

  • SSDEEP

    24576:lbZCmf67FtuZFX3KJQgI/tpWrZAOWaTUF3w:N3f67FtuZB3oQNpWDWawF3w

Malware Config

Targets

    • Guloader, Cloudeye

      A shellcode based downloader first seen in 2020.

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer.

    • Accesses Microsoft Outlook profiles

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      Fdrelandskrligehed/Tenuto/Sauria/Handelsbalancerne122.San

    • Size

      57KB

    • MD5

      0c865acf7c347c6dd359f98c8251a9bc

    • SHA1

      dc6ad24450f7a966e5c090abce2ec06f23cef9ae

    • SHA256

      00f3155ff5edff6c7b7286095854eae05446345e358018fee4c5fb141a458d7e

    • SHA512

      a7ead01800f440b0d4e8f07040818ed72ff1c768cb44ffc1823230b5bee96238b25373a652be4509c88cb371772da1061f5b14b3fa5a7e1e7833dc07d56f1aaa

    • SSDEEP

      1536:zSoQQtIqgBuwNgZdhr1l4jOLjMr0q7hB5V6jNpCDWS6BuqVkzW:eoKBuwN+3COLwr0q7f5iNY6XiS

    Score: 8/10
    • Modifies Installed Components in the registry

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks