General

  • Target

    7614449f12890951020a0280e1eca1a6719a9fcc2162288bf734ffd6a15686f9.vbe

  • Size

    30KB

  • Sample

    240926-caewwazfqj

  • MD5

    48ffdbe11975f3e1508cfc51c099afbc

  • SHA1

    6c827054f0a9bb79595bd7e4dcdda8094474d8c8

  • SHA256

    7614449f12890951020a0280e1eca1a6719a9fcc2162288bf734ffd6a15686f9

  • SHA512

    007a6ac5ffae54e449658de043dfcd2a73788eec63f4952af82e18015d4b823868bfcd132b0306ebb3d31ae4ccd9286bb45dd2c4730002f3f5ce199e30e329ca

  • SSDEEP

    192:3fgZfrE1HfkhjkKcokKa0TH7csFN/kugO48vbcQ0hmFI1NxK+UUftV/m4C4kRM58:38Zo6THFN/x48zP0w+1/84C4mb

Malware Config

Targets

    • Target

      7614449f12890951020a0280e1eca1a6719a9fcc2162288bf734ffd6a15686f9.vbe

    • Size

      30KB

    • MD5

      48ffdbe11975f3e1508cfc51c099afbc

    • SHA1

      6c827054f0a9bb79595bd7e4dcdda8094474d8c8

    • SHA256

      7614449f12890951020a0280e1eca1a6719a9fcc2162288bf734ffd6a15686f9

    • SHA512

      007a6ac5ffae54e449658de043dfcd2a73788eec63f4952af82e18015d4b823868bfcd132b0306ebb3d31ae4ccd9286bb45dd2c4730002f3f5ce199e30e329ca

    • SSDEEP

      192:3fgZfrE1HfkhjkKcokKa0TH7csFN/kugO48vbcQ0hmFI1NxK+UUftV/m4C4kRM58:38Zo6THFN/x48zP0w+1/84C4mb

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Accesses Microsoft Outlook profiles

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks