guloader | 53b44695ac596bc12e58598d2f86b99687d736da69b2a793b7b2245d24bcec5e | Triage

Sharing

General

Target

53b44695ac596bc12e58598d2f86b99687d736da69b2a793b7b2245d24bcec5e.zip
Size

8KB
Sample

240926-bzgakazanm
MD5

ebe2aab25a4799b2071c9fa7f7e2644f
SHA1

0d0b6b9d6e1a77c5477e114471044d46b1b95e92
SHA256

53b44695ac596bc12e58598d2f86b99687d736da69b2a793b7b2245d24bcec5e
SHA512

de8d65c7976b6403e4e241b3950dc63c1e290065d76bcb1ee53305f4155e38b0d7fc096a1c522073a8fc4b19ef1e0ec129ff21a5ab530fc4e553707d24aea065
SSDEEP

192:yAr11t5EPjx9hbZ1zw2J2BLgDW5qGWNqZWD57EgvWwmdAmfz:B1GP99zpw2J29wW5fWgAD5YddAm7

Score

10^/10

guloader lokibot collection discovery downloader execution spyware stealer trojan

Malware Config

Targets

- Target
  
  PERMINTAAN ANGGARAN (Universitas IPB) ID177888.vbe
- Size
  
  30KB
- MD5
  
  48ffdbe11975f3e1508cfc51c099afbc
- SHA1
  
  6c827054f0a9bb79595bd7e4dcdda8094474d8c8
- SHA256
  
  7614449f12890951020a0280e1eca1a6719a9fcc2162288bf734ffd6a15686f9
- SHA512
  
  007a6ac5ffae54e449658de043dfcd2a73788eec63f4952af82e18015d4b823868bfcd132b0306ebb3d31ae4ccd9286bb45dd2c4730002f3f5ce199e30e329ca
- SSDEEP
  
  192:3fgZfrE1HfkhjkKcokKa0TH7csFN/kugO48vbcQ0hmFI1NxK+UUftV/m4C4kRM58:38Zo6THFN/x48zP0w+1/84C4mb
Score

10^/10

guloader lokibot collection discovery downloader execution spyware stealer trojan
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderlokibotcollectiondiscoverydownloaderexecutionspywarestealertrojan

behavioral2

guloaderlokibotcollectiondiscoverydownloaderexecutionspywarestealertrojan