Overview

overview

10

Static

static

3

AMENDED CO...df.exe

windows7-x64

7

AMENDED CO...df.exe

windows10-2004-x64

10

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a8c03dfe6c66acdf569a445ad9eba5795f699e78bb6c347db55dfbff03daa120.zip

  • Size

    424KB

  • Sample

    240626-zqr8gatblh

  • MD5

    d73653fb655e3627f2ad3bcd7dbb2c82

  • SHA1

    4d5cc2bea8c2dc74ddd725fe9bea7389a2d39dd6

  • SHA256

    b71e123f35a70fe444f019c9b94fa65c383d14eced3647bb13ac4e50ec810af8

  • SHA512

    51091c0874b597012087fcb4d82c28234bffb75604db1c3fb9c788002dc91620010b7d4fc85d0d665e582da8a5d84f072045a4f1e36cc412331e1bb93780453c

  • SSDEEP

    12288:IHO3tKYRNkVJyq2NfoebDuedht+LEYuwKUTRZsGzhnHz:IXYRIyFAedhtGERwT9ZsGzhnHz

Score
10/10
guloaderdownloaderexecution

Malware Config

Targets

    • Target

      AMENDED CONTRACT-pdf.bat

    • Size

      749KB

    • MD5

      0dd2464556b15a0110a61fbb9c059fd7

    • SHA1

      85dc6648297ce3a175c87f90ad87c0c19940f7ec

    • SHA256

      ec718f7c0b27972083cd3990267d68a2cebd76b6fcaa224c44f3b165d95125f3

    • SHA512

      7a46b3ac69acdc85cfd54be576144035ef844cb64ac4a918735e1bf96fd1785e9c2d13e6d93424689397e3a89b879385638d3d96386d9ba49742b69271f4e23c

    • SSDEEP

      12288:TA4AyshjrfD3NfhN3ImdnkOMR4vejLiuLbKc+z6ps:TA4A/hfDJ3IokOMR4vaiu68s

    Score
    10/10
    executionguloaderdownloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      6KB

    • MD5

      b5a1f9dc73e2944a388a61411bdd8c70

    • SHA1

      dc9b20df3f3810c2e81a0c54dea385704ba8bef7

    • SHA256

      288100583f65a2b7acfc0c7e231c0e268c58d3067675543f627c01e82f6fd884

    • SHA512

      b9c8d71b5da00f2aff7847b9ec3bd8a588afeb525f47a0df235b52f7b2233edb3928a2c8e0b493f287c923cc52a340ad6fee99822595d6591df0e97870de92a8

    • SSDEEP

      96:p7GUxNkO6GR0t9GKKr1Zd8NHYVVHp4dEeY3kRnHdMqqyVgNQ3e:lXhHR0aTQN4gRHdMqJVgNH

    Score
    3/10
    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks