guloader | 1de20ab31a930a9f60a323ad35c4a0d670fc457cee78357d099784487bd8c9eb | Triage

Submit
Reports

Overview

overview

Static

static

1

1de20ab31a...eb.exe

windows7-x64

1de20ab31a...eb.exe

windows10-2004-x64

8

Sharing

General

Target

1de20ab31a930a9f60a323ad35c4a0d670fc457cee78357d099784487bd8c9eb.exe
Size

913KB
Sample

240704-bj3hvswdqr
MD5

811a6608bd141b5c41cceaa9d1e7ee52
SHA1

63ee2d9a226ada53731204f906f5030cb6a28076
SHA256

1de20ab31a930a9f60a323ad35c4a0d670fc457cee78357d099784487bd8c9eb
SHA512

a27becb13d18fa4eb4c634ba2fb780505badd210fa380951948da1c9e56471649773786a2c0f35f889aa19981043f03375b10477b4b7b1fe10461dcedd8ca6cb
SSDEEP

12288:fBfOreq6OBi6FVd5cw6HETDVVKmuqCsV2qpqfyl0fGXJ9BqNJowksVz:lOreq6O9FRc2xVS5WEO0fG5vq7H

Score

10^/10

guloader lokibot collection downloader execution spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

1de20ab31a930a9f60a323ad35c4a0d670fc457cee78357d099784487bd8c9eb.exe

Resource

win7-20240221-en

guloader lokibot collection downloader execution spyware stealer trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

1de20ab31a930a9f60a323ad35c4a0d670fc457cee78357d099784487bd8c9eb.exe

Resource

win10v2004-20240508-en

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  1de20ab31a930a9f60a323ad35c4a0d670fc457cee78357d099784487bd8c9eb.exe
- Size
  
  913KB
- MD5
  
  811a6608bd141b5c41cceaa9d1e7ee52
- SHA1
  
  63ee2d9a226ada53731204f906f5030cb6a28076
- SHA256
  
  1de20ab31a930a9f60a323ad35c4a0d670fc457cee78357d099784487bd8c9eb
- SHA512
  
  a27becb13d18fa4eb4c634ba2fb780505badd210fa380951948da1c9e56471649773786a2c0f35f889aa19981043f03375b10477b4b7b1fe10461dcedd8ca6cb
- SSDEEP
  
  12288:fBfOreq6OBi6FVd5cw6HETDVVKmuqCsV2qpqfyl0fGXJ9BqNJowksVz:lOreq6O9FRc2xVS5WEO0fG5vq7H
Score

10^/10

guloader lokibot collection downloader execution spyware stealer trojan
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Accesses Microsoft Outlook profiles
  collection
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

guloaderlokibotcollectiondownloaderexecutionspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy