guloader | 6d7f0587ad61a77009ec4d739d3ffd3f74e0ab8a572913812bef6b8c2b89ea54

General

Target

6d7f0587ad61a77009ec4d739d3ffd3f74e0ab8a572913812bef6b8c2b89ea54.exe
Size

568KB
Sample

241121-f6zspstmfn
MD5

62134cc34c58682721cb5bd2a9ba3624
SHA1

a650b3507161f8d705b183db6a965307d95625f4
SHA256

6d7f0587ad61a77009ec4d739d3ffd3f74e0ab8a572913812bef6b8c2b89ea54
SHA512

60de740c1ab5cd301a41a0ea483bbef28e3005acd73d61e808a0510cc95e746f25b18f39503110b80e5834275df9d1702639f0ed7ba90fadeba7809a9a9a4a82
SSDEEP

12288:32EITCKwUDsCypz+ZfyimdUTPhBDJxqmd3ZhZq:3wTKUDvypKJyihTj7qmdPZq

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mail.foodex.com.pk
Port:
587
Username:
[email protected]
Password:
wajahat1975

Extracted

Family

vipkeylogger

Credentials

Protocol: smtp
Host:
mail.foodex.com.pk
Port:
587
Username:
[email protected]
Password:
wajahat1975
Email To:
[email protected]

Targets

- Target
  
  6d7f0587ad61a77009ec4d739d3ffd3f74e0ab8a572913812bef6b8c2b89ea54.exe
- Size
  
  568KB
- MD5
  
  62134cc34c58682721cb5bd2a9ba3624
- SHA1
  
  a650b3507161f8d705b183db6a965307d95625f4
- SHA256
  
  6d7f0587ad61a77009ec4d739d3ffd3f74e0ab8a572913812bef6b8c2b89ea54
- SHA512
  
  60de740c1ab5cd301a41a0ea483bbef28e3005acd73d61e808a0510cc95e746f25b18f39503110b80e5834275df9d1702639f0ed7ba90fadeba7809a9a9a4a82
- SSDEEP
  
  12288:32EITCKwUDsCypz+ZfyimdUTPhBDJxqmd3ZhZq:3wTKUDvypKJyihTj7qmdPZq
Score

10^/10

guloader discovery downloader vipkeylogger collection keylogger spyware stealer
- Guloader family
  guloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Vipkeylogger family
  vipkeylogger
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  75ed96254fbf894e42058062b4b4f0d1
- SHA1
  
  996503f1383b49021eb3427bc28d13b5bbd11977
- SHA256
  
  a632d74332b3f08f834c732a103dafeb09a540823a2217ca7f49159755e8f1d7
- SHA512
  
  58174896db81d481947b8745dafe3a02c150f3938bb4543256e8cce1145154e016d481df9fe68dac6d48407c62cbe20753320ebd5fe5e84806d07ce78e0eb0c4
- SSDEEP
  
  192:X24sihno0bW+l97H4GB7QDs91kMtwtobTr4u+QHbazMNHT7dmNIEr:m8vJl97JeoxtN/r3z7YV
Score

3^/10

discovery
behavioral3 behavioral4