guloader | b77d73d329f1343e650a4e722bd43a9cf444f25bf46f09b2ca577c50bac290de | Triage

Submit
Reports

Overview

overview

Static

static

1

BPN__S-I03...df.exe

windows7-x64

BPN__S-I03...df.exe

windows10-2004-x64

8

Sharing

General

Target

b77d73d329f1343e650a4e722bd43a9cf444f25bf46f09b2ca577c50bac290de.zip
Size

559KB
Sample

240704-ccad6sybrm
MD5

48fcf0cfa6defc7027570a8d4b3f0ae5
SHA1

61559adc6f2d6c81070b987f2e8d7c9d4225d1f3
SHA256

b77d73d329f1343e650a4e722bd43a9cf444f25bf46f09b2ca577c50bac290de
SHA512

b5c07dc0352522c136ae432d4026f558f8b43160933e064f244884f142693989fc3cf4bc429ae6235721a5a3ed7b1d47f041b7ea00ae28f7c017a3204c49b489
SSDEEP

12288:ZK0S3q6tVd5qw6VET1VVKmuqYsVUVEqfyl0kcAksjBY:ZNS3HtRqwLVqNTO0a1Y

Score

10^/10

guloader lokibot collection downloader execution spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

BPN__S-I03810366200624-820240628503036_202407010849535435_20240702135021·pdf.exe

Resource

win7-20240220-en

guloader lokibot collection downloader execution spyware stealer trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

BPN__S-I03810366200624-820240628503036_202407010849535435_20240702135021·pdf.exe

Resource

win10v2004-20240508-en

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  BPN__S-I03810366200624-820240628503036_202407010849535435_20240702135021·pdf.exe
- Size
  
  913KB
- MD5
  
  811a6608bd141b5c41cceaa9d1e7ee52
- SHA1
  
  63ee2d9a226ada53731204f906f5030cb6a28076
- SHA256
  
  1de20ab31a930a9f60a323ad35c4a0d670fc457cee78357d099784487bd8c9eb
- SHA512
  
  a27becb13d18fa4eb4c634ba2fb780505badd210fa380951948da1c9e56471649773786a2c0f35f889aa19981043f03375b10477b4b7b1fe10461dcedd8ca6cb
- SSDEEP
  
  12288:fBfOreq6OBi6FVd5cw6HETDVVKmuqCsV2qpqfyl0fGXJ9BqNJowksVz:lOreq6O9FRc2xVS5WEO0fG5vq7H
Score

10^/10

guloader lokibot collection downloader execution spyware stealer trojan
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Accesses Microsoft Outlook profiles
  collection
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

guloaderlokibotcollectiondownloaderexecutionspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy