General

  • Target

    e643b9e300b0e3fdafe0e8817d5d8ab04e204f420b5c956ec8c16b299cd37730

  • Size

    10KB

  • Sample

    240924-tkbqmswarc

  • MD5

    8b858cce3d85567da3f72c00a48d1e4f

  • SHA1

    1fa5dd1623613cd9f48f40133cee6244ae2b2ffd

  • SHA256

    e643b9e300b0e3fdafe0e8817d5d8ab04e204f420b5c956ec8c16b299cd37730

  • SHA512

    eb5d9f48d3eab6e4430b666df03ea1c20579e738981a73d880fc53742f86165d8a207c3f2c2fcb4744bb23e69688d73da8f8573982a9fb1a52a7a524ea667d90

  • SSDEEP

    192:T0MIVfnn63rYf+JUn7EPmwtg4sQfHMMxrIvET435ofoFigQKt:T0MI5Fl7EPNgeVpIvETmuKihKt

Malware Config

Targets

    • Target

      BÜDCƏ SORĞU 09-24-2024·pdf.vbs

    • Size

      35KB

    • MD5

      53973a41c0804ba8fa7bd96eb20b846f

    • SHA1

      17047a1f1dca84c5b687337772622b0ee7a8ed13

    • SHA256

      83e8a0c092ebc261447d0637d19914f1b5b93b2bd73b12f72fdf568de8d12190

    • SHA512

      89a3b3671554b3fe81c688fefbf94a654626086da907ae5c754468ea9b0c01d1033b994653164e0ec13a0707bddc8edcdb418a9991da640793343320de7cf7b2

    • SSDEEP

      384:3dM4MvW87tcym0yosLMlRqeSMzHF7WbQrxK3dExzC2:+BSyDmYlciJybEK+xzC2

    • Guloader,Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry; likely a geofence check.

    • Accesses Microsoft Outlook profiles

    • Legitimate hosting services abused for malware hosting/C2

    • Network Service Discovery

      Attempts to gather information on the host's network.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks