General
-
Target
08f0bbe6555c48db42f8c443f75454df8cff5202aed71bc68ff2aa50f553f65a.vbs
-
Size
674KB
-
Sample
240409-bdlyxscg5v
-
MD5
b58a6acfd4547e8c4807ecf021d66836
-
SHA1
23d24358058fe6d64d4f9386775970be4ce9d22b
-
SHA256
08f0bbe6555c48db42f8c443f75454df8cff5202aed71bc68ff2aa50f553f65a
-
SHA512
bdc869db4096071268742aa0e29862712454317801b15c1fbe40c0e6e1ea466a34debb5d2f064d4a0e2369bec2e2b9e92c3aa23922bdcc7b8e7164108bbe3b8b
-
SSDEEP
12288:0KR3TAwEzevvk5tZ2e9ET/EVuoKPcthUh6sHpA:0y31GevaguET/EIcthItA
Malware Config
Targets
-
-
Target
08f0bbe6555c48db42f8c443f75454df8cff5202aed71bc68ff2aa50f553f65a.vbs
-
Size
674KB
-
MD5
b58a6acfd4547e8c4807ecf021d66836
-
SHA1
23d24358058fe6d64d4f9386775970be4ce9d22b
-
SHA256
08f0bbe6555c48db42f8c443f75454df8cff5202aed71bc68ff2aa50f553f65a
-
SHA512
bdc869db4096071268742aa0e29862712454317801b15c1fbe40c0e6e1ea466a34debb5d2f064d4a0e2369bec2e2b9e92c3aa23922bdcc7b8e7164108bbe3b8b
-
SSDEEP
12288:0KR3TAwEzevvk5tZ2e9ET/EVuoKPcthUh6sHpA:0y31GevaguET/EIcthItA
Score10/10-
Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-