General
Target: 1b8f8f752a1c7259f7f09702569ecdd5b1074d9816adcca96632fdef0733c8f5
Size: 10KB
Sample: 240923-1abffstglh
MD5: baa533a9bfa8f508f3e861a83303f253
SHA1: 580fb9f75cb9ec3088b99cbc5c400091182f01a9
SHA256: 1b8f8f752a1c7259f7f09702569ecdd5b1074d9816adcca96632fdef0733c8f5
SHA512: 38391d0332d6141302bea7fa5acd6ac6063e4fc7aa0745153cf687b6d0ce8efb504716403345a880c9fe22d5697f2bdd3b0588d8d59b68791f725178dc951c88
SSDEEP: 192:AzCYLtRwnuLeqV2mw0rulVDpVcDn+niJtuXoSXzskladZIw:GvBRwn0V2mOVDpVcZSXzzasw
Static task: static1
Behavioral task: behavioral1
Sample: ŽÁDOST O ROZPOČET 09-23-2024·pdf.vbs
Resource: win7-20240903-en
Malware Config
Targets
Target: ŽÁDOST O ROZPOČET 09-23-2024·pdf.vbs
Size: 35KB
MD5: fa21d757a727ace9fab8ba22e03f7dc5
SHA1: edaa3726683853a70e8176f2368e3254192a9a11
SHA256: b8911aa1f56a7803220464354c15dbdce5c70d0b66b03bd0aba25c0155f2f161
SHA512: 3aaee7bc7a1726c193c36362d952c64eae4dc49ef2946bf430d8367cc012317ee7de3a761d3d079af72b8ce61d029b19f8fa3f24e1d8ba4d46064e0301f60925
SSDEEP: 384:3ccI8+xqQKYYKmlKCKQakPsZOqP1tVzFdk4GL283f48QihlTCEAZpdk/yKR:sc+AnjlKCKgE77V0z7lTCEAZIDR
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext