guloader | 49274bd66a4d53ca004a0a58c15496292a323f229b9712e5f3994af5c307bc0a | Triage

Sharing

General

Target

PTFE Coated Butterfly Valve Picture·pdf.exe
Size

473KB
Sample

240704-g4b5asybqr
MD5

33bc360990c66beea144ae48d17504a6
SHA1

7dfb4c70ef7d73c8618ce8799d414ba3c3fe9684
SHA256

49274bd66a4d53ca004a0a58c15496292a323f229b9712e5f3994af5c307bc0a
SHA512

a83b83ff3c462d39351553372055e0c16d98c8cfe3083c6958b631861575901cf68925d6a7dadab68f3c78deb59bab7d3d7541946f6e6b69073a5007fd3af1dd
SSDEEP

12288:TKYi/Le1bRNn/XoeBKk3nM40FC8/1YnrfY2:OFDe111/XlBLv0FCOcrfY2

Score

10^/10

guloader lokibot collection downloader execution spyware stealer trojan

Malware Config

Targets

- Target
  
  PTFE Coated Butterfly Valve Picture·pdf.exe
- Size
  
  473KB
- MD5
  
  33bc360990c66beea144ae48d17504a6
- SHA1
  
  7dfb4c70ef7d73c8618ce8799d414ba3c3fe9684
- SHA256
  
  49274bd66a4d53ca004a0a58c15496292a323f229b9712e5f3994af5c307bc0a
- SHA512
  
  a83b83ff3c462d39351553372055e0c16d98c8cfe3083c6958b631861575901cf68925d6a7dadab68f3c78deb59bab7d3d7541946f6e6b69073a5007fd3af1dd
- SSDEEP
  
  12288:TKYi/Le1bRNn/XoeBKk3nM40FC8/1YnrfY2:OFDe111/XlBLv0FCOcrfY2
Score

10^/10

guloader lokibot collection downloader execution spyware stealer trojan
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/BgImage.dll
- Size
  
  7KB
- MD5
  
  350a507070ed063ac6a511aeef67861a
- SHA1
  
  cf647b90a1212e090f1d236d1b50a5010cbf3bae
- SHA256
  
  5c66abd3f06eaa357ed9663224c927cf7120dca010572103faa88832bb31c5ab
- SHA512
  
  cde5747cc8539625e4262afad9699ce4e8325133d7ed7f47b9d46989a7aa0d2cc2488441acc57368f485ef1dd3e02b9ef2faa642f68e9f1db53a39e0f896d468
- SSDEEP
  
  96:8eE0AKTIfv7QCUsthvNL85s4lk38Eb3CDfvEh8uLzqkwnLiEQjJ3KxkP:tWBfjbUA/85q3wEh8uLmjLpmP
Score

1^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/UserInfo.dll
- Size
  
  4KB
- MD5
  
  d1e37112390e6bcca8362788d61becf5
- SHA1
  
  d97888f0f69d34de202e7c68b8ff5b2c2fec4c5f
- SHA256
  
  77b40d42606d48f817b901f1e5abea114b4288b344b8c193bf3e3c52e469a926
- SHA512
  
  04121e5241ad14890095a6cf5e698979820fa97d911918b9b77f2064a713e20f4827f72c057d5da1789bc340d63f391872fe5dfbb79e6c33d3995f82c37fa51f
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  13b6a88cf284d0f45619e76191e2b995
- SHA1
  
  09ebb0eb4b1dca73d354368414906fc5ad667e06
- SHA256
  
  cb958e21c3935ef7697a2f14d64cae0f9264c91a92d2deeb821ba58852dac911
- SHA512
  
  2aeeae709d759e34592d8a06c90e58aa747e14d54be95fb133994fdcebb1bdc8bc5d82782d0c8c3cdfd35c7bea5d7105379d3c3a25377a8c958c7b2555b1209e
- SSDEEP
  
  96:oyqZ4zC5RH3cXX1LlYlRowycxM2DjDf3GEst+Nt+jvDYx4yqndYHnxss:oyq+CP3uKrpyREs06YxKdGn
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  b648c78981c02c434d6a04d4422a6198
- SHA1
  
  74d99eed1eae76c7f43454c01cdb7030e5772fc2
- SHA256
  
  3e3d516d4f28948a474704d5dc9907dbe39e3b3f98e7299f536337278c59c5c9
- SHA512
  
  219c88c0ef9fd6e3be34c56d8458443e695badd27861d74c486143306a94b8318e6593bf4da81421e88e4539b238557dd4fe1f5bedf3ecec59727917099e90d2
- SSDEEP
  
  96:U7GUxNkO6GR0t9GKKr1Zd8NHYVVHp4dEeY3kRnHdMqqyVgNN3e:mXhHR0aTQN4gRHdMqJVgNE
Score

3^/10
behavioral10 behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderlokibotcollectiondownloaderexecutionspywarestealertrojan

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10