Overview

overview

10

Static

static

CMA-CGM BO...N.xlsx

windows7_x64

10

CMA-CGM BO...N.xlsx

windows10_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    CMA-CGM BOOKING CONFIRMATION.xlsx

  • Size

    1.2MB

  • Sample

    210719-wtdtlhsp3j

  • MD5

    1a23b8c8e5fa52a917c92207a8316b55

  • SHA1

    7b481fe511b2132d2d2dc7cad79aa5ebda0d3388

  • SHA256

    9584a27702d6f6fdecc4589a5c87b529ef2c41ca556ddf9325999a4bdb58fcc3

  • SHA512

    25b6303a6aa2996b82c0f6572d74e9b6bf39a617179f5c2a984643e953a7dcd56662e590fca95ae7b23e0cdf8873c86f5cc6d4417a3a5e5f071c0db5d8c10f86

Score
10/10
guloaderdownloader

Malware Config

Targets

    • Target

      CMA-CGM BOOKING CONFIRMATION.xlsx

    • Size

      1.2MB

    • MD5

      1a23b8c8e5fa52a917c92207a8316b55

    • SHA1

      7b481fe511b2132d2d2dc7cad79aa5ebda0d3388

    • SHA256

      9584a27702d6f6fdecc4589a5c87b529ef2c41ca556ddf9325999a4bdb58fcc3

    • SHA512

      25b6303a6aa2996b82c0f6572d74e9b6bf39a617179f5c2a984643e953a7dcd56662e590fca95ae7b23e0cdf8873c86f5cc6d4417a3a5e5f071c0db5d8c10f86

    Score
    10/10
    guloaderdownloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Exploitation for Client Execution

1
T1203

Persistence

Privilege Escalation

Defense Evasion

Scripting

1
T1064

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks