General

  • Target

    Request For Quotation Details_Ref.exe

  • Size

    949KB

  • Sample

    240325-pp46jaae5w

  • MD5

    f744b39f06cad577364eff72186e0626

  • SHA1

    a2e04a36a215a5a90838965126b5e0b8baa7cf88

  • SHA256

    b67c5941b8a82c44ee8c876e53fc0435d8d5653491b6c61ef0ec5ee92bbfbed0

  • SHA512

    7adc81defb1397a665f7511e04224b81b5a8cabbab5ede049ba20f8113998307f146ef2031f723a5dca5592f51794d935fcaddff3a33deb58743521749a69e8d

  • SSDEEP

    24576:pbZCmf67FtuZFX3KJQghsUyj6/onNd5gWrotUF3y:R3f67FtuZB3oQyCG/otrfF3y

Targets

    • Target

      Request For Quotation Details_Ref.exe

    • Size

      949KB

    • MD5

      f744b39f06cad577364eff72186e0626

    • SHA1

      a2e04a36a215a5a90838965126b5e0b8baa7cf88

    • SHA256

      b67c5941b8a82c44ee8c876e53fc0435d8d5653491b6c61ef0ec5ee92bbfbed0

    • SHA512

      7adc81defb1397a665f7511e04224b81b5a8cabbab5ede049ba20f8113998307f146ef2031f723a5dca5592f51794d935fcaddff3a33deb58743521749a69e8d

    • SSDEEP

      24576:pbZCmf67FtuZFX3KJQghsUyj6/onNd5gWrotUF3y:R3f67FtuZB3oQyCG/otrfF3y

    • Guloader,Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer.

    • Accesses Microsoft Outlook profiles

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      fangelejre/Syrnes/Lnforbedringens/Hjertensgodes.Nim

    • Size

      59KB

    • MD5

      41e3b6d1e5367b938531916ca78dfe24

    • SHA1

      cbc36b0e630f0d739ac22e3f031e047f0e42c318

    • SHA256

      f817a40978e642e98d2c41c967c651051414291fa729ff3618a8c12638cf566c

    • SHA512

      3d16bb14f411c9008219036e749556dfc184b7801d61733891a56f4adf43397b1bb325340fdb500b9eecb9abd05f8483e447d795d7f09044d58202c778d5e2fa

    • SSDEEP

      1536:z8LaJc+6OR8+SgyMR+6ZpRD4mhanfZMjfnaeLCYxl:gLcctORzSgzRvVD45ZUzLf

    Score
    8/10
    • Modifies Installed Components in the registry

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
