guloader | 598689302b9fd890ab7c3a35d2c984a44cbe57ffd126de8457f0f709b3c30c6d | Triage

Sharing

General

Target

598689302b9fd890ab7c3a35d2c984a44cbe57ffd126de8457f0f709b3c30c6d.vbs
Size

27KB
Sample

240924-bsat7ssapj
MD5

75cf248bc36b07024a94634aea0f50e4
SHA1

1f084ef9841dbbbf71acebde7a1e42458c5c5dd4
SHA256

598689302b9fd890ab7c3a35d2c984a44cbe57ffd126de8457f0f709b3c30c6d
SHA512

fd8c80224629ede0a7c43789a4d41f93167d8ab4c0894411bd1560e16318255f0f024a621c6c6f621f81c0388086dfd3957dd5248cb6df7e9e395c484f1344f7
SSDEEP

384:3cB+fa3MKdg+AXY7lIzCs8BYPJ0SFfGlujOGGOIWjt+5gc/SUl4YuFGpzEIK/hez:jKio5kBIBGeiJeruq

Score

10^/10

guloader lokibot collection discovery downloader execution spyware stealer trojan

Malware Config

Targets

- Target
  
  598689302b9fd890ab7c3a35d2c984a44cbe57ffd126de8457f0f709b3c30c6d.vbs
- Size
  
  27KB
- MD5
  
  75cf248bc36b07024a94634aea0f50e4
- SHA1
  
  1f084ef9841dbbbf71acebde7a1e42458c5c5dd4
- SHA256
  
  598689302b9fd890ab7c3a35d2c984a44cbe57ffd126de8457f0f709b3c30c6d
- SHA512
  
  fd8c80224629ede0a7c43789a4d41f93167d8ab4c0894411bd1560e16318255f0f024a621c6c6f621f81c0388086dfd3957dd5248cb6df7e9e395c484f1344f7
- SSDEEP
  
  384:3cB+fa3MKdg+AXY7lIzCs8BYPJ0SFfGlujOGGOIWjt+5gc/SUl4YuFGpzEIK/hez:jKio5kBIBGeiJeruq
Score

10^/10

guloader lokibot collection discovery downloader execution spyware stealer trojan
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderlokibotcollectiondiscoverydownloaderexecutionspywarestealertrojan

behavioral2

guloaderlokibotcollectiondiscoverydownloaderexecutionspywarestealertrojan