General
-
Target
?????????????????? (?????????????????????????.vbs
-
Size
21KB
-
Sample
240905-p6c4da1drj
-
MD5
1fda25d2ec636086e7ad9bc6cd47dad9
-
SHA1
1508e030e55585c467534260dcb43ac50cbc88f7
-
SHA256
d6c4f50e58d0d8f0e7d63c1efc9679beb855d6c27d0af1417c852b0f820a3ff6
-
SHA512
aabfbf4d7086c8af67697d4db02989145ee9812cdced64d519905600f510d1a67d00d56de175209ce2602e31eeaf517cdddcb8f7f578eace29ef1d3d8c31e4ca
-
SSDEEP
192:/8z8yaVDEgoxLcSJ7LXnlUeZFrQ8bOjQ8dNVDLu7gswBfpGHlehYk13jxcvhwGI/:NpUL3yezrQEIXV5sOxKCjxGYiVZ2cbg
Static task
static1
Behavioral task
behavioral1
Sample
?????????????????? (?????????????????????????.vbs
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
?????????????????? (?????????????????????????.vbs
Resource
win10v2004-20240802-en
Malware Config
Targets
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-