General
-
Target
10092024_0112_09092024_INVITACIÓN A COTIZAR Nueva cervecería NUEVA CERVECERÍA09-09-2024.rar
-
Size
6KB
-
Sample
240910-bknfbs1flf
-
MD5
f680fba2df2da7bcb7d1f0544799f415
-
SHA1
f97131e80c65e735ade4337e6033c759a11d3d1a
-
SHA256
3731b0bc8e7b933ac2b9c647677f7a2856691c7b70697ccb3f7fe468b4627e28
-
SHA512
75d1dbdf3546180bab4026285d10b65567c3c621dc07f5c6957ffe202b90cabd1c79444e0878d64a4c9a98f8ebf35fdc3947fc8563e96374e4c4b924d0c4f79a
-
SSDEEP
192:1WrOK4azaLzU75cRmWrUubT9cetUAk38Cji38:1WrOK4azaLc27rxlcm1I8ei38
Static task
static1
Behavioral task
behavioral1
Sample
INVITACIÓN A COTIZAR Nueva cervecería NUEVA CERVECERÍA09-09-2024.vbe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
INVITACIÓN A COTIZAR Nueva cervecería NUEVA CERVECERÍA09-09-2024.vbe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
INVITACIÓN A COTIZAR Nueva cervecería NUEVA CERVECERÍA09-09-2024.vbe
-
Size
25KB
-
MD5
00e37725a3f758b23993a21b1ccb2d70
-
SHA1
c37411d16f916077438e9eeecbf6156be34b0530
-
SHA256
7d7c44eb94e4de1f69917adaeda0b47149ae93a212a6de4defaa865e9669c6ee
-
SHA512
8764bc8a0b6e4af0d34ec04b9547f6541bb9d57f475af73474f8bc9a4b8a935fba328deac09c7a5a65085f311915f5ebd5fe1a1152ac0cc1b47b59163d9016e5
-
SSDEEP
384:XkdmF6RYrwIiahDmhp7qr0PG3FLeakT55TGZ45h20aTywD6JbKQxN:XrF6RuhDmv7Boe75FGOhWVguQxN
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-