Overview

overview

10

Static

static

new order ...y.xlsx

windows7_x64

10

new order ...y.xlsx

windows10_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    new order requirment-21 July.xlsx

  • Size

    1.2MB

  • Sample

    210721-62x3m7e99x

  • MD5

    25f7735ff71a70abf4bb508d2711f50b

  • SHA1

    7f40fff223019a3e399ca0ae0990afaf2695e93b

  • SHA256

    821f2880a8218afc0d30711b46f7d28e9adb2cd6c3db88b881de91090e72337f

  • SHA512

    27cd8ad83792a767a37ad9c0f22c5af3ab065bed8ec83ed577597f60fc8158e2fff0c83ab3f539e8e61a711f8ac0e35a9aa0534c3d8ae4fa054397c2c6b2bc4d

Score
10/10
guloaderdownloader

Malware Config

Targets

    • Target

      new order requirment-21 July.xlsx

    • Size

      1.2MB

    • MD5

      25f7735ff71a70abf4bb508d2711f50b

    • SHA1

      7f40fff223019a3e399ca0ae0990afaf2695e93b

    • SHA256

      821f2880a8218afc0d30711b46f7d28e9adb2cd6c3db88b881de91090e72337f

    • SHA512

      27cd8ad83792a767a37ad9c0f22c5af3ab065bed8ec83ed577597f60fc8158e2fff0c83ab3f539e8e61a711f8ac0e35a9aa0534c3d8ae4fa054397c2c6b2bc4d

    Score
    10/10
    guloaderdownloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Exploitation for Client Execution

1
T1203

Persistence

Privilege Escalation

Defense Evasion

Scripting

1
T1064

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks