General
-
Target
24062024_1516_23062024_Statement 06_24.rar
-
Size
12KB
-
Sample
240624-sntvysyelf
-
MD5
7870fba639dff763fe792e558ebbf993
-
SHA1
29885d7a14863549460e3544ba93d211cff2a5f2
-
SHA256
9e0eb427595f62fdc31c425b96fcffbedee5420c940a81967b1830f15618326b
-
SHA512
64f4304e3490717aefa5c0e3a3c37a578c66d09e7df3c96f58b57dc8eb0c8a6960ba292fa1b8f0ba5496bedb6fdb9d40fdcd1bce884563832abfad70dc80b426
-
SSDEEP
384:rJj8gH6oIudosWU9juRRxGB37WJfjkgHVasFgSAOlQKsaBi:rJj8gHB+U0RARyJfj5a8lAOdU
Malware Config
Targets
-
-
Target
Statement 06_24.vbe
-
Size
23KB
-
MD5
207b136f41dce4a20ef01071d8358131
-
SHA1
e5561b3304b7655ff20240631abf1eaa2aff37ef
-
SHA256
63827bccbd36fabd8120635af4e68329bd834dc0e11c75d4bb81797421cb9d35
-
SHA512
76b182aeed7902032265434c78b5757db5e7949e360267fb3a5648586eeb25bf12c22ea4520db4f0b114aeb0f9c5976989c53ec94c5c475a3bc103ccaa5c8eb6
-
SSDEEP
384:nDJcEgWPwf0ulPLLgoylkWz1vAaFYruA/du48nAc55Xid6VKRm3PHAr:nFcEgWIfttLKWs1v9erzdu48Ac55XidH
Score10/10-
Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-