General
-
Target
b6552742d5da59aa0d5d84ab345cdad5ea1a13d2ccb35864e48f31d42f8c51d4
-
Size
11KB
-
Sample
240923-pcth9szcje
-
MD5
d5aa429f0faa5f570f036ad8403800e3
-
SHA1
dd73dae4633d23a1cd97634ef11c7cd5dc3e56bc
-
SHA256
b6552742d5da59aa0d5d84ab345cdad5ea1a13d2ccb35864e48f31d42f8c51d4
-
SHA512
39e5cee30f556e1003a516cdeca5a287297087b9c9dae011ae4727a7b36a52ffedb64710931cb91bd1e59bfc85a94ae1e0e7b09e9d0df7fb7dabb61ed3156147
-
SSDEEP
192:e2JqOCBYizdJi/xDFLtcQJYyRzvu9NY3lern9ojvy3hDXBHClxjcHiAp4OgMiD4I:e0qGiERVJYyZuvYMrijqxLBiFOp4r8L8
Static task
static1
Behavioral task
behavioral1
Sample
ANGEBOTSANFRAGE (Universität Klagenfurt) 09-23-2024.vbs
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
ANGEBOTSANFRAGE (Universität Klagenfurt) 09-23-2024.vbs
Resource
win10v2004-20240802-en
Malware Config
Targets
-
Target
ANGEBOTSANFRAGE (Universität Klagenfurt) 09-23-2024.vbs
-
Size
27KB
-
MD5
21acfd5802cf1f927885be5328116f00
-
SHA1
4730b0cfca259237e9ea9e79806560a7199e06df
-
SHA256
075d162e17dba73abb1a82c602e77f03633f1c2b4a8d61dd098a131160a47f3c
-
SHA512
615b6336fa309361ef05e11a201fd307c18e8be549a31deb4b3e1b49aba566d715c090a0935d3cc5a3109be516ba00112afba283f25d4573fcffe919bfeab53a
-
SSDEEP
384:3SvAzPEYfyUS4bpKMV+pQiiNcvKM5zqJ7IBPF:DPEYfy34bptV+ysbFo7e
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious access to or copy of the web browser credential store.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext