guloader | 83252c5445f2321597bdb783d66531f4da21604063fea62c5bd7bfac48cb25a3 | Triage

Submit
Reports

Overview

overview

Static

static

1

Zahteva za...df.vbs

windows7-x64

Zahteva za...df.vbs

windows10-2004-x64

Sharing

General

Target

83252c5445f2321597bdb783d66531f4da21604063fea62c5bd7bfac48cb25a3
Size

11KB
Sample

240917-v3g6tavgqk
MD5

0513cc31862470fe02dea7afae952248
SHA1

1283700a78ccc63d3dfac1f3730120d2f3b8d4da
SHA256

83252c5445f2321597bdb783d66531f4da21604063fea62c5bd7bfac48cb25a3
SHA512

4d619ed2da2de918e03f201d9d800f9a7fd808d59d9e308f14cb46e8b2fa27e8d118291392a28151866794411ad11ac019579b3f99c7e871c5b432fb2b9a4dcb
SSDEEP

192:/1PqHxe1WXS6EZa4GMbwImj3IvGdzuXuKE+OHrHj/niQlqh7jaL4FnJy:/1oxe1oT4fbxhGOuKnInPUFno

Score

10^/10

guloader lokibot collection credential_access discovery downloader spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Zahteva za proračun 09-17-2024·pdf.vbs

Resource

win7-20240704-en

guloader lokibot collection credential_access discovery downloader spyware stealer trojan

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

Zahteva za proračun 09-17-2024·pdf.vbs

Resource

win10v2004-20240802-en

guloader lokibot collection credential_access discovery downloader spyware stealer trojan

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  Zahteva za proračun 09-17-2024·pdf.vbs
- Size
  
  35KB
- MD5
  
  a2e969a3c64b9e432d4057e91a5af6cc
- SHA1
  
  9abb835f2fc269eeff99a37e38f1562bea9b5a12
- SHA256
  
  ea326ab009621bee402f7e6a54423851ed9f357ff7c773b790f32be91098c2b9
- SHA512
  
  aa589f29cf76c2bf571e51dfd43b2c2b3dbe115c0de3bd348aba06d648f667323a454a53726c29fc5814a833534a5148f43033540627b13989907c311d29bffa
- SSDEEP
  
  384:Z9vOg3ChgWe7+yG0nzRSV+NtfOwxLzkvDYjcwGBZ0M6v5yTJp5aq:Zp3CfytNNzHBXyFpL
Score

10^/10

guloader lokibot collection credential_access discovery downloader spyware stealer trojan
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Legitimate hosting services abused for malware hosting/C2
- Network Service Discovery
  Attempt to gather information on host's network.
  discovery
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Discovery

Network Service Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderlokibotcollectioncredential_accessdiscoverydownloaderspywarestealertrojan

behavioral2

guloaderlokibotcollectioncredential_accessdiscoverydownloaderspywarestealertrojan

© 2018-2025

Terms | Privacy