Overview

overview

10

Static

static

MILKA CHOC...Y.xlsx

windows7_x64

10

MILKA CHOC...Y.xlsx

windows10_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    MILKA CHOCO COW BISCUITS AND CADBURY OFFERS,TWIX,SNICKERS,BOUNTY,GALAXY.xlsx

  • Size

    1.2MB

  • Sample

    210722-5fwjrez9x6

  • MD5

    b7cdda847140697b7bb7866b06d2a225

  • SHA1

    874d1157c6e65813383c6b4bffd4d48948993c88

  • SHA256

    1e7447cb7adb3336fcf6d2837781a2ab0d9f9fd3060cde3a47293bd34a883cdb

  • SHA512

    8f4b6dd946571e501968cd8317012923d0ca879e3b8bd6cac782a5498887dbb15ca8ce2132a67d5e85a9d05fd700206892ea2789ba805af7be795a3aa005485c

Score
10/10
guloaderdownloader

Malware Config

Targets

    • Target

      MILKA CHOCO COW BISCUITS AND CADBURY OFFERS,TWIX,SNICKERS,BOUNTY,GALAXY.xlsx

    • Size

      1.2MB

    • MD5

      b7cdda847140697b7bb7866b06d2a225

    • SHA1

      874d1157c6e65813383c6b4bffd4d48948993c88

    • SHA256

      1e7447cb7adb3336fcf6d2837781a2ab0d9f9fd3060cde3a47293bd34a883cdb

    • SHA512

      8f4b6dd946571e501968cd8317012923d0ca879e3b8bd6cac782a5498887dbb15ca8ce2132a67d5e85a9d05fd700206892ea2789ba805af7be795a3aa005485c

    Score
    10/10
    guloaderdownloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Exploitation for Client Execution

1
T1203

Persistence

Privilege Escalation

Defense Evasion

Scripting

1
T1064

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks