General

  • Target

    18a00a0da74be3d89a29bd856617a1703ee83646f39a51d70cf9d9017bd1ffad.vbs

  • Size

    20KB

  • Sample

    240322-ckd3bshb31

  • MD5

    6c172c78edfa9cf3fbcee9e6417b4ec0

  • SHA1

    56d554a6cfae0cbee45a32ac9e7f261c910cd046

  • SHA256

    18a00a0da74be3d89a29bd856617a1703ee83646f39a51d70cf9d9017bd1ffad

  • SHA512

    881216852a4049ce32387b221791b9ba7c75c4decb9b869430842a7a540f52ec1a24ae9a41550e0feb0dcf58731dcdd2dda9bcd45c798e0403af0fefaa751c27

  • SSDEEP

    384:CE68ihBTZ6i8ahvxSIp27nn15lNmpK2kn70Vuz3+44GE8gT:H68ihdgi/LfIn3lNmpK2k7Sau4m8M

Malware Config

Targets

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Accesses Microsoft Outlook profiles

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks