guloader | 5c0efea627341c89a4ee3eb88570f75545c9553997182341247830efee48fc02 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

A beérkez...sa.vbe

windows7-x64

A beérkez...sa.vbe

windows10-2004-x64

Sharing

General

Target

5c0efea627341c89a4ee3eb88570f75545c9553997182341247830efee48fc02
Size

11KB
Sample

240917-m4jf9szbpj
MD5

d63294b4ba91b928482d64b5c547698d
SHA1

329970dcd4953c0ce0b34594129a390b01b49d55
SHA256

5c0efea627341c89a4ee3eb88570f75545c9553997182341247830efee48fc02
SHA512

7382ec1f6650739797e3e593b30f779c2146fa48f282280160d2cae7c0f4593f4b36e93142b8faad6890a6a81f07afe5ffed58b7f542b7d2d775fa7afe8c29a4
SSDEEP

192:rfhVWZ6ShqRHhQZALjPNx6MUJJMNndXztaYF9HSsd2BuNGMF1vY6ot9nTHV9sQJt:/WZ6ShiPN4KdpaC9ysdHNGwpuT19Vbh

Score

10^/10

guloader lokibot collection credential_access discovery downloader spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

A beérkezett kérelem visszaigazolása.vbe

Resource

win7-20240903-en

guloader lokibot collection credential_access discovery downloader spyware stealer trojan

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

A beérkezett kérelem visszaigazolása.vbe

Resource

win10v2004-20240802-en

guloader lokibot collection credential_access discovery downloader spyware stealer trojan

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  A beérkezett kérelem visszaigazolása.vbe
- Size
  
  32KB
- MD5
  
  9921d0b5bf80b63899d793f480475cbe
- SHA1
  
  424494a62902199accb548a5e071fb457817e5d7
- SHA256
  
  b340106056e1f66bc231f34fa020dde1bc782b4bff01ab3693a56e03f233b629
- SHA512
  
  cbca7093bd5f08337ea58351d2e0efe757a28736e072f9d22b32e2cfd9496efadb892ae4735d15f2918e2c89b9361094b261ea7bb73f30c64dcbdf11b277edc2
- SSDEEP
  
  384:Z9vOg3OXUAF3JEkNcwcFAMQ1NQz32dCesqQdXy/vZ5mZYOvA9N4:Zp3O73JT8m9gTZesRXkYIQ
Score

10^/10

guloader lokibot collection credential_access discovery downloader spyware stealer trojan
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderlokibotcollectioncredential_accessdiscoverydownloaderspywarestealertrojan

behavioral2

guloaderlokibotcollectioncredential_accessdiscoverydownloaderspywarestealertrojan

© 2018-2025

Terms | Privacy