Overview

overview

10

Static

static

1

SOLICITUD ...df.vbs

windows7-x64

10

SOLICITUD ...df.vbs

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5818113aece5656d63337a40653b949023f5bd9d51a9212a8733504e3a5e7803

  • Size

    12KB

  • Sample

    240916-t2ehvsxhnq

  • MD5

    352fcfc58be44ecfba29869260863fe2

  • SHA1

    635a59157b8038fa447d7a40c7a9b72c16842e78

  • SHA256

    5818113aece5656d63337a40653b949023f5bd9d51a9212a8733504e3a5e7803

  • SHA512

    1edd94996a83f54ccf4ad556635b5a043cd6f1c972a19a250fb903e67611591f8ccbd06997d5ffca639daeec22dd0168bfb0d5fae65777fac76fe8ae81fb881b

  • SSDEEP

    192:qvam48ZdJ1ljtfp08qReALqvPESncKuln/db0TZQDxDp+Ct9Npt+6K+Uf:R8HJ1lF9no71V9p+a3t+sY

Score
10/10
guloaderlokibotcollectioncredential_accessdiscoverydownloaderspywarestealertrojan

Malware Config

Targets

    • Target

      SOLICITUD DE PRESUPUESTO 09-16-2024·pdf.vbs

    • Size

      41KB

    • MD5

      7e4ddcf544043887aa681f00f4d88411

    • SHA1

      cbfea2438100a9bae01a06ccc73b06d51ace1626

    • SHA256

      132bb6c4728aa2754b10523a06e1d6ad4b571b59a3821c2baef81210d136d30d

    • SHA512

      e0156be04e9af473941eb289304a86f03cc77ae0d1d8bb90096ded7291dc6ebb149796f7f296f10e2c38a778a9c23ea322f541b2a27e6ae9dd2f7fbf9f726bab

    • SSDEEP

      384:Z9vOg3no0bPtRwN8Zb8BO7kLkpUJX4T2vz9xboQ8VfiQZykwNDG2R050v2r6Fuo3:Zp3nhaM+JzXgKQYYx9o7V

    Score
    10/10
    guloaderlokibotcollectioncredential_accessdiscoverydownloaderspywarestealertrojan

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Accesses Microsoft Outlook profiles

      collection

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks