guloader | 7614449f12890951020a0280e1eca1a6719a9fcc2162288bf734ffd6a15686f9 | Triage

Sharing

General

Target

PERMINTAAN ANGGARAN (Universitas IPB) ID177888.vbe
Size

30KB
Sample

240925-3svcdsvbpq
MD5

48ffdbe11975f3e1508cfc51c099afbc
SHA1

6c827054f0a9bb79595bd7e4dcdda8094474d8c8
SHA256

7614449f12890951020a0280e1eca1a6719a9fcc2162288bf734ffd6a15686f9
SHA512

007a6ac5ffae54e449658de043dfcd2a73788eec63f4952af82e18015d4b823868bfcd132b0306ebb3d31ae4ccd9286bb45dd2c4730002f3f5ce199e30e329ca
SSDEEP

192:3fgZfrE1HfkhjkKcokKa0TH7csFN/kugO48vbcQ0hmFI1NxK+UUftV/m4C4kRM58:38Zo6THFN/x48zP0w+1/84C4mb

Score

10^/10

guloader lokibot collection discovery downloader execution spyware stealer trojan

Malware Config

Targets

- Target
  
  PERMINTAAN ANGGARAN (Universitas IPB) ID177888.vbe
- Size
  
  30KB
- MD5
  
  48ffdbe11975f3e1508cfc51c099afbc
- SHA1
  
  6c827054f0a9bb79595bd7e4dcdda8094474d8c8
- SHA256
  
  7614449f12890951020a0280e1eca1a6719a9fcc2162288bf734ffd6a15686f9
- SHA512
  
  007a6ac5ffae54e449658de043dfcd2a73788eec63f4952af82e18015d4b823868bfcd132b0306ebb3d31ae4ccd9286bb45dd2c4730002f3f5ce199e30e329ca
- SSDEEP
  
  192:3fgZfrE1HfkhjkKcokKa0TH7csFN/kugO48vbcQ0hmFI1NxK+UUftV/m4C4kRM58:38Zo6THFN/x48zP0w+1/84C4mb
Score

10^/10

guloader lokibot collection discovery downloader execution spyware stealer trojan
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderlokibotcollectiondiscoverydownloaderexecutionspywarestealertrojan

behavioral2

guloaderlokibotcollectiondiscoverydownloaderexecutionspywarestealertrojan