General
Target: e36602a3b4045ad4983f7d206508caedbb2917ec13f125107ea9262b7d818ec6
Size: 11KB
Sample: 240919-zjw8vazclh
MD5: 8e5baad17b0af6ee04e4957e3dd900f9
SHA1: a75347a9a4be5775c2fc6ac1e251710d9885c257
SHA256: e36602a3b4045ad4983f7d206508caedbb2917ec13f125107ea9262b7d818ec6
SHA512: 8dc0e92000e0dcd13639eef8e0056b3a396f1ef0fbbee60dbc0101aabe725302a49f93095b73f6f189dfa5a1658a66187563b021a1fc830392c01a81e360dcec
SSDEEP: 192:S6uxbZcdpX6gy+kU+2Q1+eoHbnmWUvXBjTWOjvnqRWOxTbX0HQFbtgj4JjFVEp0z:mbZb+qb1+e4ZUvXBTWwPstxX/JOujHy0
Static task
static1

Behavioral task
behavioral1
Sample: SOLICITUD DE PEDIDO (Universidad de Lima) 09-19-2024.vbs
Resource: win7-20240729-en

Behavioral task
behavioral2
Sample: SOLICITUD DE PEDIDO (Universidad de Lima) 09-19-2024.vbs
Resource: win10v2004-20240802-en
Malware Config

Targets
Target: SOLICITUD DE PEDIDO (Universidad de Lima) 09-19-2024.vbs
Size: 31KB
MD5: 47cac20c8fc2ca2e5afa529c6e8e4723
SHA1: ae8d6dc81dbe5484588327a1eec7b8ad72eee45e
SHA256: e2f64ec66f68feb67c5510ff5f17c82bd171354dec19e4fe4e5f601199c45efa
SHA512: dfa1416cb737c6a99fc18faa0c577a23cbb16f9daafccf9ce02802e6b5b3c2968a2fc2bc749b6c349dc2580d7ddd2178738b009f4ff4756767e573200acc522d
SSDEEP: 384:Z9vOg3Cn+eBDvj1vTV0UA8Ja5cFzhKDty5iAT2WsWKOxZ1dmv/FIWMpeJK:Zp3CVDvY5Uf2pOMFIT1
Signatures
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access to or copy of a web browser credential store.
- Blocklisted process makes network request
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext