guloader | 6a872532ca240daaf8bd0b676678bfdfcad6f0c72c58f675574d3a1f471bea9f

General

Target

fe62c58bcc975e7ebbd268b44a518785.bin
Size

155KB
Sample

240418-ch92zsgc65
MD5

e19b2648d1afa5e0e8c60bc4bb77b581
SHA1

48ff6d5a821ba8346eb1a06a8df22a0df09bf1f6
SHA256

6a872532ca240daaf8bd0b676678bfdfcad6f0c72c58f675574d3a1f471bea9f
SHA512

485200a7250254d89e722f6093225dcf850e8079120f059bec8688fc766e7e33953eb286902b90d476dff554fed46a284e2972ec30fa61ae94d7e6d131349c9f
SSDEEP

3072:73+m1bzjML2XjlZPfsqD0YMJdXp4yqdZ76qpFroA+V1G5iBojTrpHSWqSI:PfM6J5fIYMJFp4yqzeq3revG5iKTN9qz

Score

10^/10

Malware Config

Targets

- Target
  
  67fbf9f34cf2fa287ef78230cfcaacfcf150238e526341bbaa4cbb86d7382c58.vbs
- Size
  
  361KB
- MD5
  
  fe62c58bcc975e7ebbd268b44a518785
- SHA1
  
  696f215f0abe6f1513ddd0a6e8235d99fa5da7fe
- SHA256
  
  67fbf9f34cf2fa287ef78230cfcaacfcf150238e526341bbaa4cbb86d7382c58
- SHA512
  
  5d70692b8c4b95c61d08c07b1eff6d98ebf58692a10af71281a1fba06a94cb25102803bf1776a5546798427b7a4a76bf62bd3538ed7e7a063f27326df484cc80
- SSDEEP
  
  6144:6Q1LaVfs2VTA05zBWJKJqDv9WlmDg6bMiaNb3rczF9V4I5Btg/zRoFTC4vSUUkP/:bKInOiANKdGs
Score

10^/10

guloader lokibot collection downloader spyware stealer trojan
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Blocklisted process makes network request
- Accesses Microsoft Outlook profiles
  collection
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Web Service

1

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Guloader,Cloudeye

Lokibot

Blocklisted process makes network request

Accesses Microsoft Outlook profiles

Legitimate hosting services abused for malware hosting/C2

Suspicious use of NtCreateThreadExHideFromDebugger

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2