General
-
Target
INVITACIÓN A COTIZAR Nueva cervecería NUEVA CERVECERÍA.vbs
-
Size
33KB
-
Sample
240923-rg9r6aycjk
-
MD5
281d34b359213e18654c2d24b008dcbd
-
SHA1
4fb8957b0e96a81ec6582819470c4fdd82bd7170
-
SHA256
457020a6ebe0fe83e6e4f94addbddb4175f7beb1132658506f8f62dec48309b9
-
SHA512
6b1df16b37956d6e402e756c319fe9b1212d4c21a0aaf9db738f5363c9891af4d027579bda7252bab304e4eba05cec1cad45c89036fdb7c623593aa1a3e1039d
-
SSDEEP
384:3mldSVTNn2MTd0LDNsGRsNbs9/FKHgT3ed+2:2qVsMJ0SGCNbkIHgqdD
Malware Config
Targets
-
-
Target
INVITACIÓN A COTIZAR Nueva cervecería NUEVA CERVECERÍA.vbs
-
Size
33KB
-
MD5
281d34b359213e18654c2d24b008dcbd
-
SHA1
4fb8957b0e96a81ec6582819470c4fdd82bd7170
-
SHA256
457020a6ebe0fe83e6e4f94addbddb4175f7beb1132658506f8f62dec48309b9
-
SHA512
6b1df16b37956d6e402e756c319fe9b1212d4c21a0aaf9db738f5363c9891af4d027579bda7252bab304e4eba05cec1cad45c89036fdb7c623593aa1a3e1039d
-
SSDEEP
384:3mldSVTNn2MTd0LDNsGRsNbs9/FKHgT3ed+2:2qVsMJ0SGCNbkIHgqdD
Score10/10-
Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-