guloader | 1789a36b829cd09dc4fd24323a0d1bb900494714b4cc7083af651630f2c42d2f | Triage

Submit
Reports

Overview

overview

Static

static

3

Quote Requ...df.exe

windows7-x64

Quote Requ...df.exe

windows10-2004-x64

Resubmissions

01-07-2024 16:13

240701-tpeyvsscpp 10

01-07-2024 16:06

240701-tkj21ssckp 10

Sharing

General

Target

Quote Request (Tupy S.A.) 523AM - 924BR·pdf.exe
Size

648KB
Sample

240701-tpeyvsscpp
MD5

93a658e985408e0538044b8b91a2729c
SHA1

c1f250915cb43fc6a46d29dc28a1f09881fe0ded
SHA256

1789a36b829cd09dc4fd24323a0d1bb900494714b4cc7083af651630f2c42d2f
SHA512

5337c140a778e4ababf7dd82fcd280feb2a7e9e9db981c7fed1fff9c0ea8d562afe71992aa054e98ba9c715f0bea48d939f98b171110a7aaffcd372d23e2816e
SSDEEP

12288:zsB4GOFuvCfdDrklbm9QfwYUcTWQ5xQryR2:I4GOFCCFf4m9ESQWQDQ2Q

Score

10^/10

guloader lokibot collection downloader execution spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Quote Request (Tupy S.A.) 523AM - 924BR·pdf.exe

Resource

win7-20240611-en

guloader lokibot collection downloader execution spyware stealer trojan

windows7-x64

17 signatures

300 seconds

Behavioral task

behavioral2

Sample

Quote Request (Tupy S.A.) 523AM - 924BR·pdf.exe

Resource

win10v2004-20240226-en

guloader lokibot collection downloader execution spyware stealer trojan

windows10-2004-x64

17 signatures

300 seconds

Malware Config

Targets

- Target
  
  Quote Request (Tupy S.A.) 523AM - 924BR·pdf.exe
- Size
  
  648KB
- MD5
  
  93a658e985408e0538044b8b91a2729c
- SHA1
  
  c1f250915cb43fc6a46d29dc28a1f09881fe0ded
- SHA256
  
  1789a36b829cd09dc4fd24323a0d1bb900494714b4cc7083af651630f2c42d2f
- SHA512
  
  5337c140a778e4ababf7dd82fcd280feb2a7e9e9db981c7fed1fff9c0ea8d562afe71992aa054e98ba9c715f0bea48d939f98b171110a7aaffcd372d23e2816e
- SSDEEP
  
  12288:zsB4GOFuvCfdDrklbm9QfwYUcTWQ5xQryR2:I4GOFCCFf4m9ESQWQDQ2Q
Score

10^/10

guloader lokibot collection downloader execution spyware stealer trojan
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderlokibotcollectiondownloaderexecutionspywarestealertrojan

behavioral2

guloaderlokibotcollectiondownloaderexecutionspywarestealertrojan

© 2018-2025

Terms | Privacy