General

  • Target

    po.vbs

  • Size

    29KB

  • Sample

    240923-reeh8syblm

  • MD5

    3490933db0427a4178c16600fc2c0ee3

  • SHA1

    772bc72406e1cebfe57d9f6369c9f3443a6f21b6

  • SHA256

    9749a63db5a46687c96ebcacb5cabead67de1ec227a36f21df1b54ca669d2e45

  • SHA512

    4b349e72426e439548162eab6f153f658c772c9270bc994393116d2bc071fbc3d7790723ba753feab4bc7ccb6a00c456379eeaa3c52093286473c64df6e6e337

  • SSDEEP

    384:3PWWSqDmUvtTJsnHbDTT8jWljLFoZpqJLoNPIuojqy:fWQJtTJs7DTFLFoZpqJkg6y

Malware Config

Targets

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Accesses Microsoft Outlook profiles

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks