Overview

overview

10

Static

static

1

tmpfafq4qma.exe

windows7-x64

10

tmpfafq4qma.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    tmpfafq4qma

  • Size

    914KB

  • Sample

    240702-fddd1azfpk

  • MD5

    685957fc8d1cb9176598abbd85f01b88

  • SHA1

    3d32596650fce3cf7687bbbc72caffc821d25887

  • SHA256

    68e7f4d2bf863ba81f7df626105d057cce0280693d8d1c6229d5a5b7a5b13ac3

  • SHA512

    f111150ea54da60ba4eed011b2acb3918a53075c45cb28f084b045bf94662e6af5f609b2f549cc38eb65d823699a5f70bca77fa5dbd864fc895c298b62f75e32

  • SSDEEP

    12288:+BfOreqYlj4XT9/VPsvkf3kLXUuq9HyBbqpqfyl0fGXJ9BqNJowksVg:QOreqYJWfqEukLEO0fG5vq7H+

Score
10/10
guloaderlokibotcollectiondownloaderexecutionspywarestealertrojan

Malware Config

Targets

    • Target

      tmpfafq4qma

    • Size

      914KB

    • MD5

      685957fc8d1cb9176598abbd85f01b88

    • SHA1

      3d32596650fce3cf7687bbbc72caffc821d25887

    • SHA256

      68e7f4d2bf863ba81f7df626105d057cce0280693d8d1c6229d5a5b7a5b13ac3

    • SHA512

      f111150ea54da60ba4eed011b2acb3918a53075c45cb28f084b045bf94662e6af5f609b2f549cc38eb65d823699a5f70bca77fa5dbd864fc895c298b62f75e32

    • SSDEEP

      12288:+BfOreqYlj4XT9/VPsvkf3kLXUuq9HyBbqpqfyl0fGXJ9BqNJowksVg:QOreqYJWfqEukLEO0fG5vq7H+

    Score
    10/10
    guloaderlokibotcollectiondownloaderexecutionspywarestealertrojan

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks