General

  • Target

    ????.vbs

  • Size

    34KB

  • Sample

    240924-j81dssxclp

  • MD5

    641139188c9eb5ee84d12eebb22e0dad

  • SHA1

    9fe97ca78a39d50bfa2610e3f4b8a76e4db78377

  • SHA256

    6ff407811ce5f14f5302bcb2646e67946293cb333f6c8550801d80fea2af9ec1

  • SHA512

    d1781c8319f13d4d5e66b68e77b8b887a62eaea93aabb74770e396402ec11a2f5f81c213765c7a59d6ac4ac049df76ff459c1a4cc238257f1410bbf16aed462f

  • SSDEEP

    384:3Y2yRfD0I1dAONNjvmRr/fZzhACSFKeEQ:UfII1dpbjy9zhAhU6

Targets

    • Guloader, Cloudeye

      A shellcode-based downloader, first seen in 2020.

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Accesses Microsoft Outlook profiles

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15