guloader | 69a0042174fbffed7ac840081ec1d5618f2a70fe4d56078b98a1db06627f9eab

General

Target

69a0042174fbffed7ac840081ec1d5618f2a70fe4d56078b98a1db06627f9eab.exe
Size

827KB
Sample

241113-cytpyavgjk
MD5

89b3b4723ea3983fc0f103eaf3093edc
SHA1

bb6fb38b57fd6694e0803d1de469f0a326e231f4
SHA256

69a0042174fbffed7ac840081ec1d5618f2a70fe4d56078b98a1db06627f9eab
SHA512

74befa13a84be96af3d7209113b11511dde96835c1a8a7a3453649cddf383d356a034632c58cc4778389495625fef0da894c03a75e5e04afdcf6eadc3dc947fa
SSDEEP

24576:UvYV0HT73uFztJXcrBbO3j8xa93BPapMMjC+eN3o67:POzaRcBbO3j193SLjC+ko

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mail.foodex.com.pk
Port:
587
Username:
[email protected]
Password:
wajahat1975

Extracted

Family

vipkeylogger

Credentials

Protocol: smtp
Host:
mail.foodex.com.pk
Port:
587
Username:
[email protected]
Password:
wajahat1975
Email To:
[email protected]

Targets

- Target
  
  69a0042174fbffed7ac840081ec1d5618f2a70fe4d56078b98a1db06627f9eab.exe
- Size
  
  827KB
- MD5
  
  89b3b4723ea3983fc0f103eaf3093edc
- SHA1
  
  bb6fb38b57fd6694e0803d1de469f0a326e231f4
- SHA256
  
  69a0042174fbffed7ac840081ec1d5618f2a70fe4d56078b98a1db06627f9eab
- SHA512
  
  74befa13a84be96af3d7209113b11511dde96835c1a8a7a3453649cddf383d356a034632c58cc4778389495625fef0da894c03a75e5e04afdcf6eadc3dc947fa
- SSDEEP
  
  24576:UvYV0HT73uFztJXcrBbO3j8xa93BPapMMjC+eN3o67:POzaRcBbO3j193SLjC+ko
Score

10^/10

guloader discovery downloader vipkeylogger collection keylogger spyware stealer
- Guloader family
  guloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  fc90dfb694d0e17b013d6f818bce41b0
- SHA1
  
  3243969886d640af3bfa442728b9f0dff9d5f5b0
- SHA256
  
  7fe77ca13121a113c59630a3dba0c8aaa6372e8082393274da8f8608c4ce4528
- SHA512
  
  324f13aa7a33c6408e2a57c3484d1691ecee7c3c1366de2bb8978c8dc66b18425d8cab5a32d1702c13c43703e36148a022263de7166afdce141da2b01169f1c6
- SSDEEP
  
  192:e/b2HS5ih/7i00eWz9T7PH6yeFcQMI5+Vw+EXWZ77dslFZk:ewSUmWw9T7MmnI5+/F7Kdk
Score

3^/10

discovery
behavioral3 behavioral4