General
- Target: 6cb1779864f7d98f9198d2e4361bc1cf37e0d6cbe6a62cdd2f99ef963669b188
- Size: 9KB
- Sample: 240909-qdjk5a1hpg
- MD5: 3869ad04fff31be566e0fde24577d002
- SHA1: fd967200533358080d7f41e48ec9419c45a1603c
- SHA256: 6cb1779864f7d98f9198d2e4361bc1cf37e0d6cbe6a62cdd2f99ef963669b188
- SHA512: 5e3f93ddd087163b3bb864fe50c55c0632a3dccb666a307e00457c1dbbd52c7224a8aa9cea4ab3f00091c754d34898f0f1963997e0bbb3d9fb83f657d5f650fe
- SSDEEP: 192:gSPPmG5IoCQms1+ecoXCUJbcofykWDH3sEkXoRpUD8G7ah9rZi:g2mGmLQmbecop4DpOoRp+NuhPi
Static task: static1
Behavioral task: behavioral1
  Sample: BUDŽETSKI ZAHTJEV 09-09-2024·pdf.vbs
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: BUDŽETSKI ZAHTJEV 09-09-2024·pdf.vbs
  Resource: win10v2004-20240802-en
Malware Config
Targets
- Target: BUDŽETSKI ZAHTJEV 09-09-2024·pdf.vbs
- Size: 31KB
- MD5: c75e9e87a0ce94268b6978556529a26a
- SHA1: 1afa71ddb65ad3e4950a41908ebf757f69927ae4
- SHA256: be119bc4fa6bf774a3d85000d4f9cf1b7835c4bacff224248ae8b8fd6c7c98fc
- SHA512: 0087243cda3b48b3ba5c59678ee1d6dea5e5513769d81ab3a72696cc2305f267d6b5a7485dcd09d0f57914defd7a1f7d43bdfbf13a74c47384af07c9f95018d6
- SSDEEP: 384:1k3y65Wh/w0/P8tQJnTPGQ+m6+YlCMKoXKJmPnzdI91:1uy65mfBnyzpIMKoXKMPnzQ1
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext