Overview

overview

10

Static

static

1

13d2d3d9d1...8d.vbs

windows7-x64

10

13d2d3d9d1...8d.vbs

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    13d2d3d9d17bd6ad8f75ba47c24f65f41641a59c353825a577075b34740adf8d.vbs

  • Size

    32KB

  • Sample

    240918-ha293axeqr

  • MD5

    f86db186324ba1041c28ec03385013eb

  • SHA1

    55334ef1aaca04dcca4bd5fde434272440b882cf

  • SHA256

    13d2d3d9d17bd6ad8f75ba47c24f65f41641a59c353825a577075b34740adf8d

  • SHA512

    bbe161665741d7a0a1c0575321385e5557a1fcfd8155c40a28c53d9c4734ba76e73d6b5bcc0efea1916d16b69aa4b59d697117639f8053460bddbf5fb3d127a0

  • SSDEEP

    384:Z9vOg3ezwXxR+gMJjRK7A4a88pk/Biyc2mmev5Nil3uCHgp:Zp3eGR+gMJdAPMRyG1i4Jp

Score
10/10
guloaderlokibotcollectioncredential_accessdiscoverydownloaderspywarestealertrojan

Malware Config

Targets

    • Target

      13d2d3d9d17bd6ad8f75ba47c24f65f41641a59c353825a577075b34740adf8d.vbs

    • Size

      32KB

    • MD5

      f86db186324ba1041c28ec03385013eb

    • SHA1

      55334ef1aaca04dcca4bd5fde434272440b882cf

    • SHA256

      13d2d3d9d17bd6ad8f75ba47c24f65f41641a59c353825a577075b34740adf8d

    • SHA512

      bbe161665741d7a0a1c0575321385e5557a1fcfd8155c40a28c53d9c4734ba76e73d6b5bcc0efea1916d16b69aa4b59d697117639f8053460bddbf5fb3d127a0

    • SSDEEP

      384:Z9vOg3ezwXxR+gMJjRK7A4a88pk/Biyc2mmev5Nil3uCHgp:Zp3eGR+gMJdAPMRyG1i4Jp

    Score
    10/10
    guloaderlokibotcollectioncredential_accessdiscoverydownloaderspywarestealertrojan

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Accesses Microsoft Outlook profiles

      collection

    • Legitimate hosting services abused for malware hosting/C2

    • Network Service Discovery

      Attempt to gather information on host's network.

      discovery

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks