General

  • Target: 6672c4dd15ff126d4b6fe7efb05fde64485256dd3ce739e0df983cf26c7d553c.exe
  • Size: 963KB
  • Sample: 240322-c817rsfe35
  • MD5: 67427fb1fb379997467716984fe0a9ab
  • SHA1: 091aef3b23437ea50aa98200559b988d00802f47
  • SHA256: 6672c4dd15ff126d4b6fe7efb05fde64485256dd3ce739e0df983cf26c7d553c
  • SHA512: eab16dc2f49784cf5f91b4886d4323dc162b9ab290a607cbf101b762a4a455357973d432fa898b5a5ce26e2c27e0ee0718ec28d43bb145733f45ae2c944672dc
  • SSDEEP: 24576:3bZCmf67FtuZFX3KJQgSAA530CswlA+6dqdvpoUF3r:r3f67FtuZB3oQFms1F3r

Malware Config

Targets

    • Target: 6672c4dd15ff126d4b6fe7efb05fde64485256dd3ce739e0df983cf26c7d553c.exe
    • Size: 963KB
    • MD5: 67427fb1fb379997467716984fe0a9ab
    • SHA1: 091aef3b23437ea50aa98200559b988d00802f47
    • SHA256: 6672c4dd15ff126d4b6fe7efb05fde64485256dd3ce739e0df983cf26c7d553c
    • SHA512: eab16dc2f49784cf5f91b4886d4323dc162b9ab290a607cbf101b762a4a455357973d432fa898b5a5ce26e2c27e0ee0718ec28d43bb145733f45ae2c944672dc
    • SSDEEP: 24576:3bZCmf67FtuZFX3KJQgSAA530CswlA+6dqdvpoUF3r:r3f67FtuZB3oQFms1F3r

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Lokibot

      Lokibot is a password and cryptocoin wallet stealer.

    • Accesses Microsoft Outlook profiles

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target: Fangarme/Unfrocked/Beside.Fst
    • Size: 57KB
    • MD5: 4b7717b799924b965c87395fd3525e75
    • SHA1: 497905fee98b47d49d2a307e63a3a150e9024da4
    • SHA256: 3328223bc86a8827b1790755d0c91c6b7f3cea91b18f8cfb24247ca0526ecf60
    • SHA512: eabcd57e04d51874ef723663443f4f61abd1a11877f9c78e9724e1af0407f8f89fe4e22df66af96f3a3654b77fb197c8d93235764d52b3a91c513fed8a66ba0e
    • SSDEEP: 768:W/CIxu9s4ROzL5W7brBAkk9uBsiSq2mGj2hwHjhImHYlNQmu+DVgku/thQk:UyxRO3I7tyiSq2Xj2hSQnWEmN/TQk
    • Score: 8/10

    • Modifies Installed Components in the registry

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks