General
-
Target
ბიუჯეტის მოთხოვნა 09-23-2024·pdf.vbs
-
Size
27KB
-
Sample
240923-rfjvcaybnj
-
MD5
75cf248bc36b07024a94634aea0f50e4
-
SHA1
1f084ef9841dbbbf71acebde7a1e42458c5c5dd4
-
SHA256
598689302b9fd890ab7c3a35d2c984a44cbe57ffd126de8457f0f709b3c30c6d
-
SHA512
fd8c80224629ede0a7c43789a4d41f93167d8ab4c0894411bd1560e16318255f0f024a621c6c6f621f81c0388086dfd3957dd5248cb6df7e9e395c484f1344f7
-
SSDEEP
384:3cB+fa3MKdg+AXY7lIzCs8BYPJ0SFfGlujOGGOIWjt+5gc/SUl4YuFGpzEIK/hez:jKio5kBIBGeiJeruq
Malware Config
Targets
-
-
Target
ბიუჯეტის მოთხოვნა 09-23-2024·pdf.vbs
-
Size
27KB
-
MD5
75cf248bc36b07024a94634aea0f50e4
-
SHA1
1f084ef9841dbbbf71acebde7a1e42458c5c5dd4
-
SHA256
598689302b9fd890ab7c3a35d2c984a44cbe57ffd126de8457f0f709b3c30c6d
-
SHA512
fd8c80224629ede0a7c43789a4d41f93167d8ab4c0894411bd1560e16318255f0f024a621c6c6f621f81c0388086dfd3957dd5248cb6df7e9e395c484f1344f7
-
SSDEEP
384:3cB+fa3MKdg+AXY7lIzCs8BYPJ0SFfGlujOGGOIWjt+5gc/SUl4YuFGpzEIK/hez:jKio5kBIBGeiJeruq
Score10/10-
Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-