guloader | 83e8a0c092ebc261447d0637d19914f1b5b93b2bd73b12f72fdf568de8d12190 | Triage

Submit
Reports

Overview

overview

Static

static

1

83e8a0c092...90.vbs

windows7-x64

83e8a0c092...90.vbs

windows10-2004-x64

Sharing

General

Target

83e8a0c092ebc261447d0637d19914f1b5b93b2bd73b12f72fdf568de8d12190.vbs
Size

35KB
Sample

240926-cc7dxatdjf
MD5

53973a41c0804ba8fa7bd96eb20b846f
SHA1

17047a1f1dca84c5b687337772622b0ee7a8ed13
SHA256

83e8a0c092ebc261447d0637d19914f1b5b93b2bd73b12f72fdf568de8d12190
SHA512

89a3b3671554b3fe81c688fefbf94a654626086da907ae5c754468ea9b0c01d1033b994653164e0ec13a0707bddc8edcdb418a9991da640793343320de7cf7b2
SSDEEP

384:3dM4MvW87tcym0yosLMlRqeSMzHF7WbQrxK3dExzC2:+BSyDmYlciJybEK+xzC2

Score

10^/10

guloader lokibot collection discovery downloader spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

83e8a0c092ebc261447d0637d19914f1b5b93b2bd73b12f72fdf568de8d12190.vbs

Resource

win7-20240708-en

guloader lokibot collection discovery downloader spyware stealer trojan

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

83e8a0c092ebc261447d0637d19914f1b5b93b2bd73b12f72fdf568de8d12190.vbs

Resource

win10v2004-20240802-en

lokibot collection discovery spyware stealer trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  83e8a0c092ebc261447d0637d19914f1b5b93b2bd73b12f72fdf568de8d12190.vbs
- Size
  
  35KB
- MD5
  
  53973a41c0804ba8fa7bd96eb20b846f
- SHA1
  
  17047a1f1dca84c5b687337772622b0ee7a8ed13
- SHA256
  
  83e8a0c092ebc261447d0637d19914f1b5b93b2bd73b12f72fdf568de8d12190
- SHA512
  
  89a3b3671554b3fe81c688fefbf94a654626086da907ae5c754468ea9b0c01d1033b994653164e0ec13a0707bddc8edcdb418a9991da640793343320de7cf7b2
- SSDEEP
  
  384:3dM4MvW87tcym0yosLMlRqeSMzHF7WbQrxK3dExzC2:+BSyDmYlciJybEK+xzC2
Score

10^/10

guloader lokibot collection discovery downloader spyware stealer trojan
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Legitimate hosting services abused for malware hosting/C2
- Network Service Discovery
  Attempt to gather information on host's network.
  discovery
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderlokibotcollectiondiscoverydownloaderspywarestealertrojan

behavioral2

lokibotcollectiondiscoveryspywarestealertrojan

© 2018-2024

Terms | Privacy