guloader | 331a07b5bb8e8e5182c7db012d7471bced3bd83142be852b44e26c807d0b8d25 | Triage

Submit
Reports

Overview

overview

Static

static

1

331a07b5bb...25.exe

windows7-x64

331a07b5bb...25.exe

windows10-2004-x64

8

Sharing

General

Target

331a07b5bb8e8e5182c7db012d7471bced3bd83142be852b44e26c807d0b8d25.exe
Size

677KB
Sample

240621-bjvg9aycpj
MD5

afc2cf9b291ca4fc649575f1efe5f1cb
SHA1

2398c35747669b1b83b5b965c1bff80c0f3183bc
SHA256

331a07b5bb8e8e5182c7db012d7471bced3bd83142be852b44e26c807d0b8d25
SHA512

aabbc68847a73856d8e8a902f7f6c9eddb7bbf1757875c7177e6e45a5de710a806a92233a2b29b25119962a70d8309027527faecf51acd0ace7985110487fd9f
SSDEEP

12288:ctnsok3P8bkkSrN7VJmKgcbiAtG6kT6KOuijXMJjTI3EWc2:Gk/FBrN7VJmKDiAt2HToe9

Score

10^/10

guloader lokibot collection downloader execution spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

331a07b5bb8e8e5182c7db012d7471bced3bd83142be852b44e26c807d0b8d25.exe

Resource

win7-20240220-en

guloader lokibot collection downloader execution spyware stealer trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

331a07b5bb8e8e5182c7db012d7471bced3bd83142be852b44e26c807d0b8d25.exe

Resource

win10v2004-20240508-en

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  331a07b5bb8e8e5182c7db012d7471bced3bd83142be852b44e26c807d0b8d25.exe
- Size
  
  677KB
- MD5
  
  afc2cf9b291ca4fc649575f1efe5f1cb
- SHA1
  
  2398c35747669b1b83b5b965c1bff80c0f3183bc
- SHA256
  
  331a07b5bb8e8e5182c7db012d7471bced3bd83142be852b44e26c807d0b8d25
- SHA512
  
  aabbc68847a73856d8e8a902f7f6c9eddb7bbf1757875c7177e6e45a5de710a806a92233a2b29b25119962a70d8309027527faecf51acd0ace7985110487fd9f
- SSDEEP
  
  12288:ctnsok3P8bkkSrN7VJmKgcbiAtG6kT6KOuijXMJjTI3EWc2:Gk/FBrN7VJmKDiAt2HToe9
Score

10^/10

guloader lokibot collection downloader execution spyware stealer trojan
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Accesses Microsoft Outlook profiles
  collection
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

guloaderlokibotcollectiondownloaderexecutionspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy