Overview

overview

10

Static

static

SC6LHHXO.xlsx

windows7_x64

10

SC6LHHXO.xlsx

windows10_x64

1

Resubmissions

26-07-2021 13:29

210726-7vtdyybxln 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SC6LHHXO.xlsx

  • Size

    1.2MB

  • Sample

    210726-7vtdyybxln

  • MD5

    66eed49ed42df8b0e811b9b8221a84a7

  • SHA1

    d36196495d754d0f70c1bf5319104f21818d1f0d

  • SHA256

    2f679887747ec5f7cad8a00b129ad20e2e8b02fcf6c3d4f248eb7036fae508a9

  • SHA512

    dd3820579c794f5a222ce0e4ed68245c717cd7997efbfb5d841a45c767e45a3408b007deb11492048f4a2a227473a6685264d5cedd11a2f5fb6a1f1648368e0b

Score
10/10
guloaderdownloader

Malware Config

Targets

    • Target

      SC6LHHXO.xlsx

    • Size

      1.2MB

    • MD5

      66eed49ed42df8b0e811b9b8221a84a7

    • SHA1

      d36196495d754d0f70c1bf5319104f21818d1f0d

    • SHA256

      2f679887747ec5f7cad8a00b129ad20e2e8b02fcf6c3d4f248eb7036fae508a9

    • SHA512

      dd3820579c794f5a222ce0e4ed68245c717cd7997efbfb5d841a45c767e45a3408b007deb11492048f4a2a227473a6685264d5cedd11a2f5fb6a1f1648368e0b

    Score
    10/10
    guloaderdownloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Exploitation for Client Execution

1
T1203

Persistence

Privilege Escalation

Defense Evasion

Scripting

1
T1064

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks