Overview

overview

10

Static

static

1

ea326ab009...b9.vbs

windows7-x64

10

ea326ab009...b9.vbs

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ea326ab009621bee402f7e6a54423851ed9f357ff7c773b790f32be91098c2b9.vbs

  • Size

    35KB

  • Sample

    240918-b5swjswhjl

  • MD5

    a2e969a3c64b9e432d4057e91a5af6cc

  • SHA1

    9abb835f2fc269eeff99a37e38f1562bea9b5a12

  • SHA256

    ea326ab009621bee402f7e6a54423851ed9f357ff7c773b790f32be91098c2b9

  • SHA512

    aa589f29cf76c2bf571e51dfd43b2c2b3dbe115c0de3bd348aba06d648f667323a454a53726c29fc5814a833534a5148f43033540627b13989907c311d29bffa

  • SSDEEP

    384:Z9vOg3ChgWe7+yG0nzRSV+NtfOwxLzkvDYjcwGBZ0M6v5yTJp5aq:Zp3CfytNNzHBXyFpL

Score
10/10
guloaderlokibotcollectioncredential_accessdiscoverydownloaderspywarestealertrojan

Malware Config

Targets

    • Target

      ea326ab009621bee402f7e6a54423851ed9f357ff7c773b790f32be91098c2b9.vbs

    • Size

      35KB

    • MD5

      a2e969a3c64b9e432d4057e91a5af6cc

    • SHA1

      9abb835f2fc269eeff99a37e38f1562bea9b5a12

    • SHA256

      ea326ab009621bee402f7e6a54423851ed9f357ff7c773b790f32be91098c2b9

    • SHA512

      aa589f29cf76c2bf571e51dfd43b2c2b3dbe115c0de3bd348aba06d648f667323a454a53726c29fc5814a833534a5148f43033540627b13989907c311d29bffa

    • SSDEEP

      384:Z9vOg3ChgWe7+yG0nzRSV+NtfOwxLzkvDYjcwGBZ0M6v5yTJp5aq:Zp3CfytNNzHBXyFpL

    Score
    10/10
    guloaderlokibotcollectioncredential_accessdiscoverydownloaderspywarestealertrojan

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Accesses Microsoft Outlook profiles

      collection

    • Legitimate hosting services abused for malware hosting/C2

    • Network Service Discovery

      Attempt to gather information on host's network.

      discovery

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks