Overview

overview

10

Static

static

1

Solicitud ...df.vbs

windows7-x64

10

Solicitud ...df.vbs

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Solicitud de propuesta(E007-24)·pdf.vbs

  • Size

    39KB

  • Sample

    240916-rhvdvssamq

  • MD5

    8cf2b398b146f21370cb219bb37594be

  • SHA1

    56fc97edad29cea9cc20461f0a5a108eb85ff39e

  • SHA256

    5b2e29dbe690dc12e02e83841bd0f17faf05927644495021cc04a8d0b690b0a7

  • SHA512

    5942bd8c1f325ebad86063767d3abcff68dc4e748b4d0e0d6037688bd1b4cdbbe0357f4c8cf8e5fb685431b1f1b84078482094d21453a451a5232024bd397850

  • SSDEEP

    384:Z9vOg3T4NsuDiFamtT6Ha72kFUU/HqnXaR7vkSd76twA5G/vrplgxkkgZu:Zp3TKD4amtT6HabUUfxUtwA5GrplBR8

Score
10/10
guloaderlokibotcollectioncredential_accessdiscoverydownloaderspywarestealertrojan

Malware Config

Targets

    • Target

      Solicitud de propuesta(E007-24)·pdf.vbs

    • Size

      39KB

    • MD5

      8cf2b398b146f21370cb219bb37594be

    • SHA1

      56fc97edad29cea9cc20461f0a5a108eb85ff39e

    • SHA256

      5b2e29dbe690dc12e02e83841bd0f17faf05927644495021cc04a8d0b690b0a7

    • SHA512

      5942bd8c1f325ebad86063767d3abcff68dc4e748b4d0e0d6037688bd1b4cdbbe0357f4c8cf8e5fb685431b1f1b84078482094d21453a451a5232024bd397850

    • SSDEEP

      384:Z9vOg3T4NsuDiFamtT6Ha72kFUU/HqnXaR7vkSd76twA5G/vrplgxkkgZu:Zp3TKD4amtT6HabUUfxUtwA5GrplBR8

    Score
    10/10
    guloaderlokibotcollectioncredential_accessdiscoverydownloaderspywarestealertrojan

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Accesses Microsoft Outlook profiles

      collection

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks