General

  • Target

    11bfafb62ab5e5c115862409c849f069dc0903abf0f864783bea73472db19932.exe

  • Size

    963KB

  • Sample

    240322-cjex8seh94

  • MD5

    2f96e6fd36ceec8c32dcc6c7607a87bd

  • SHA1

    89b9bd60c39a582da440112f12f939c90102d567

  • SHA256

    11bfafb62ab5e5c115862409c849f069dc0903abf0f864783bea73472db19932

  • SHA512

    755e29062263821fac7c37be3dd7e0b980804adbe301d1945c9098ca1cb8ae57f293a022a2e11677e404bac323b4e5995d4c57d45c2edb13595ff151547993b9

  • SSDEEP

    12288:wbZfqmfr+7Iz6tuhHr2WX3rLKJQEKKHP9SxG4A1wF7dieRJ14BEtIX2UgGj+Xtah:wbZCmf67FtuZFX3KJQgl4KEoEoePUF3Z

Malware Config

Targets

    • Target

      11bfafb62ab5e5c115862409c849f069dc0903abf0f864783bea73472db19932.exe

    • Size

      963KB

    • MD5

      2f96e6fd36ceec8c32dcc6c7607a87bd

    • SHA1

      89b9bd60c39a582da440112f12f939c90102d567

    • SHA256

      11bfafb62ab5e5c115862409c849f069dc0903abf0f864783bea73472db19932

    • SHA512

      755e29062263821fac7c37be3dd7e0b980804adbe301d1945c9098ca1cb8ae57f293a022a2e11677e404bac323b4e5995d4c57d45c2edb13595ff151547993b9

    • SSDEEP

      12288:wbZfqmfr+7Iz6tuhHr2WX3rLKJQEKKHP9SxG4A1wF7dieRJ14BEtIX2UgGj+Xtah:wbZCmf67FtuZFX3KJQgl4KEoEoePUF3Z

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Lokibot

      Lokibot is a password and cryptocoin wallet stealer.

    • Accesses Microsoft Outlook profiles

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      Bedwarmer.Hom

    • Size

      58KB

    • MD5

      aae5fcb1e66470ef7a08ea335b80ac05

    • SHA1

      9422c0898c87a134c72c6ffa35c594d93dba9dc9

    • SHA256

      8bd9205c7c8f112ff5cba1307842eddccc18e20e227cccb7b74e6a24e686b8b0

    • SHA512

      031d187a47a9b687d6822f34e74029f2f1cf4eb8687dc2846a3d84efbf9d30d5459870842a22cdab89130915501e2593f79b2a32da5c266d382120e0a042b072

    • SSDEEP

      1536:kIA6tvaB6ot7AWRT/HFQzHYDLaKzxxkRq:kIltiBhzlQELaKzjD

    Score: 8/10
    • Modifies Installed Components in the registry

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks