Overview

overview

10

Static

static

1

คำข�...df.vbs

windows7-x64

10

คำข�...df.vbs

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    19092024_0635_คำขอจัดสรรงบประมาณ 09-17-2024·pdf.vbs.zip

  • Size

    12KB

  • Sample

    240919-hck4kawajq

  • MD5

    1d5e84f0f55184f3b9c9ee96a56b62ee

  • SHA1

    063659b1130b37a75499da2dcbfac34b2cf33b07

  • SHA256

    e7bfea4e30fcde02ae0231752d4fe8971ad9b5cfdf5b77a3a6313e54777a46a3

  • SHA512

    d913c5c12bc854c6e57da4cf969d3bc1cd6664b11c44d27c07ac2149bf557c8c9662c57fa59f6d09188ae89651ef42f249fc32703e75e4976a9fd4532371d6b3

  • SSDEEP

    192:oWmNxUXadqe0w0YL+3WDuPZt2V84SR3u+cMLrB02Ab5GMCVRNjhIdRTZozufNl74:oWmNx9dqe0FKDeaV0OMLQY39IdRNfSX

Score
10/10
guloaderlokibotcollectioncredential_accessdiscoverydownloaderspywarestealertrojan

Malware Config

Targets

    • Target

      คำขอจัดสรรงบประมาณ 09-17-2024·pdf.vbs

    • Size

      32KB

    • MD5

      f86db186324ba1041c28ec03385013eb

    • SHA1

      55334ef1aaca04dcca4bd5fde434272440b882cf

    • SHA256

      13d2d3d9d17bd6ad8f75ba47c24f65f41641a59c353825a577075b34740adf8d

    • SHA512

      bbe161665741d7a0a1c0575321385e5557a1fcfd8155c40a28c53d9c4734ba76e73d6b5bcc0efea1916d16b69aa4b59d697117639f8053460bddbf5fb3d127a0

    • SSDEEP

      384:Z9vOg3ezwXxR+gMJjRK7A4a88pk/Biyc2mmev5Nil3uCHgp:Zp3eGR+gMJdAPMRyG1i4Jp

    Score
    10/10
    guloaderlokibotcollectioncredential_accessdiscoverydownloaderspywarestealertrojan

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Accesses Microsoft Outlook profiles

      collection

    • Legitimate hosting services abused for malware hosting/C2

    • Network Service Discovery

      Attempt to gather information on host's network.

      discovery

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks