guloader | b187478ed3f00d2157b587ff89b0241c3db74e50370bb3b5e25aac165a09891b

General

Target

DRAFT SHIPPING DOCUMENTS.exe
Size

353KB
Sample

240626-sra71szfqc
MD5

7fb6a8bbcc54cc1619ffd51aa9818fd6
SHA1

1bce717878bbc4e5638ca3fcc8179addd64a77fb
SHA256

b187478ed3f00d2157b587ff89b0241c3db74e50370bb3b5e25aac165a09891b
SHA512

9f3a56a2d642b940d01438783604c374017e9a94114a4298e957c047ca3ddbdccd5d360e5003a5f6b588e8429f5938081a338470d9a2981216b9870aeffb1032
SSDEEP

6144:ZsKxNX1AZr4pmt/DjcT3VMgEWM9Ks1i6bgQz8N6IjXjuPD:JWZr4pmtbjcT3ygK/11bR8NVoD

Score

10^/10

Malware Config

Targets

- Target
  
  DRAFT SHIPPING DOCUMENTS.exe
- Size
  
  353KB
- MD5
  
  7fb6a8bbcc54cc1619ffd51aa9818fd6
- SHA1
  
  1bce717878bbc4e5638ca3fcc8179addd64a77fb
- SHA256
  
  b187478ed3f00d2157b587ff89b0241c3db74e50370bb3b5e25aac165a09891b
- SHA512
  
  9f3a56a2d642b940d01438783604c374017e9a94114a4298e957c047ca3ddbdccd5d360e5003a5f6b588e8429f5938081a338470d9a2981216b9870aeffb1032
- SSDEEP
  
  6144:ZsKxNX1AZr4pmt/DjcT3VMgEWM9Ks1i6bgQz8N6IjXjuPD:JWZr4pmtbjcT3ygK/11bR8NVoD
Score

10^/10

guloader lokibot collection downloader spyware stealer trojan
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  883eff06ac96966270731e4e22817e11
- SHA1
  
  523c87c98236cbc04430e87ec19b977595092ac8
- SHA256
  
  44e5dfd551b38e886214bd6b9c8ee913c4c4d1f085a6575d97c3e892b925da82
- SHA512
  
  60333253342476911c84bbc1d9bf8a29f811207787fdd6107dce8d2b6e031669303f28133ffc811971ed7792087fe90fb1faabc0af4e91c298ba51e28109a390
- SSDEEP
  
  96:UPDYcJ+nx4vVp76JX7zBlkCg21Fxz4THxtrqw1at0JgwLEjo+OB3yUVCdl/wNj+l:UPtkuWJX7zB3kGwfy0nyUVsxCjOMb1u
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  8d4278d0b0af44c989ed14ea40b75e06
- SHA1
  
  072f92761b281bc20d0bc3b3486251f60e6c259f
- SHA256
  
  9c50ba10ff8009137ad005aee7bdcace042ff343b37e11cd6ca45a6186ae977e
- SHA512
  
  1a22c3aa8ea1ff980b5c7812f75a9369cfd74f2b780039e79c0c52eb00cb019bac6f860e97a7279f0c8e4c890e5dd1bca31e69d6548fc73397d4fa05c8b12542
- SSDEEP
  
  96:N7GUaYNwCLuGFctpiKFlYJ8hH4RVHpwdEeY3kRlDr6dMqqyVgNw38:xygp3FcHi0xhYMR8dMqJVgN
Score

3^/10
behavioral5 behavioral6

MITRE ATT&CK Matrix ATT&CK v13

Tasks

Sharing

General

Malware Config

Targets

Guloader,Cloudeye

Lokibot

Loads dropped DLL

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Legitimate hosting services abused for malware hosting/C2

Suspicious use of NtCreateThreadExHideFromDebugger

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6