Overview

overview

10

Static

static

3

Invoice.exe

windows7-x64

6

Invoice.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    53776b0e3e1bd4b8ae34fe8b1be11352_JaffaCakes118

  • Size

    33KB

  • Sample

    240518-hphtzagf4t

  • MD5

    53776b0e3e1bd4b8ae34fe8b1be11352

  • SHA1

    f87971d6d13d26081f8f5c5f0402fe608dfbdfee

  • SHA256

    dc249bae299755c425b8b4fdc1220b81dec4ab0521c863e75e7a75deb6d0a57b

  • SHA512

    128919477adf7a5d231250902068b984a9eccf6e3f35877a69bbf214f007e89a9b9847f597e715334c20a4081729f3482f7c1b7489e5c83f64e9fe8ad262186d

  • SSDEEP

    768:kg50ooyDAjnsMRi0gNCi9z+517VqHIPYSyuOI:R50oohzs/YPYSyuJ

Score
10/10
guloaderdownloaderguloaderpersistence

Malware Config

Extracted

Family

guloader

C2

http://185.224.128.43/ariiikkkk_encrypted_7EFF1B0.bin

xor.base64

Targets

    • Target

      Invoice.exe

    • Size

      68KB

    • MD5

      1579644ce72ad802ba00e84e8eeda25d

    • SHA1

      ede8b5d633c46f6464f40c693f90bcb9cc5e563e

    • SHA256

      943c00e81e428945cac86a29c06aa8d5569d38090ff1e94d273986861b845114

    • SHA512

      984492d560675301e992b5eebeb4275c4f1abcc6d98c035357189382ceb627a55f267bb63efebddbe633e0a4a7386ee815b02309d90197a1c16ae9e08ca02a10

    • SSDEEP

      1536:FuT6IKi/mNbzwlThmt7m/1vMl0Wqp50n3:TI9/mNbUlThI7m/CbqpSn3

    Score
    10/10
    persistenceguloaderdownloaderguloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Guloader payload

      guloader

    • Adds Run key to start application

      persistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks