Overview

overview

10

Static

static

1

DOSTOROZPO...df.vbs

windows7-x64

10

DOSTOROZPO...df.vbs

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    DOSTOROZPOET09-23-2024pdf.vbs

  • Size

    35KB

  • Sample

    240923-rxea7ascle

  • MD5

    fa21d757a727ace9fab8ba22e03f7dc5

  • SHA1

    edaa3726683853a70e8176f2368e3254192a9a11

  • SHA256

    b8911aa1f56a7803220464354c15dbdce5c70d0b66b03bd0aba25c0155f2f161

  • SHA512

    3aaee7bc7a1726c193c36362d952c64eae4dc49ef2946bf430d8367cc012317ee7de3a761d3d079af72b8ce61d029b19f8fa3f24e1d8ba4d46064e0301f60925

  • SSDEEP

    384:3ccI8+xqQKYYKmlKCKQakPsZOqP1tVzFdk4GL283f48QihlTCEAZpdk/yKR:sc+AnjlKCKgE77V0z7lTCEAZIDR

Score
10/10
guloaderlokibotcollectioncredential_accessdiscoverydownloaderspywarestealertrojan

Malware Config

Targets

    • Target

      DOSTOROZPOET09-23-2024pdf.vbs

    • Size

      35KB

    • MD5

      fa21d757a727ace9fab8ba22e03f7dc5

    • SHA1

      edaa3726683853a70e8176f2368e3254192a9a11

    • SHA256

      b8911aa1f56a7803220464354c15dbdce5c70d0b66b03bd0aba25c0155f2f161

    • SHA512

      3aaee7bc7a1726c193c36362d952c64eae4dc49ef2946bf430d8367cc012317ee7de3a761d3d079af72b8ce61d029b19f8fa3f24e1d8ba4d46064e0301f60925

    • SSDEEP

      384:3ccI8+xqQKYYKmlKCKQakPsZOqP1tVzFdk4GL283f48QihlTCEAZpdk/yKR:sc+AnjlKCKgE77V0z7lTCEAZIDR

    Score
    10/10
    guloaderlokibotcollectioncredential_accessdiscoverydownloaderspywarestealertrojan

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Accesses Microsoft Outlook profiles

      collection

    • Legitimate hosting services abused for malware hosting/C2

    • Network Service Discovery

      Attempt to gather information on host's network.

      discovery

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks