Shipment Document BL,INV and packing list.jpg.ace

General

Target: Shipment Document BL,INV and packing list.jpg.ace
Size: 71KB
Sample: 210915-hxnp7adbar
Score: 10/10
MD5: da6877ef1c87bc4935317ad9aec310c7
SHA1: 58168ab3a37b6e90a1e655cfc83fa1eb10f7bae2
SHA256: 5c40de04e12f0037da4fe06a6b95f56ed472b342566d25736f4b671ef5462b65
SHA512: 5edbf1cc4444e445e2bbef116e89c838a2ac6655d547a9c890195a994ab84c7a2cabcd6aeb6712b18b94beff81d49fe4ff3f559503499e4c622e6a9ada508489

Malware Config

Targets

Target: Shipment Document BL,INV and packing list.jpg.exe
MD5: df2413a552334b77e540bb8c69bf9763
Filesize: 128KB
Score: 10/10
SHA1: 453f88a44b3966a97fc4005a0b6edf894cdc8d41
SHA256: 434e6827ed58ffd66a28619822626816559605a4e5d7c7cfe8770d3af043527d
SHA512: de9fdb8b874bc68820be7cd0421d23265fc8127b4ed274461f48fcdb9efd3b374a4900b8b6ed6e741ca1e965d9093f6a8b05dbed3989a6ac26c985cded212f9d

Tags

Signatures

  • Guloader, Cloudeye

    Description: A shellcode-based downloader first seen in 2020.

    Tags

  • Checks QEMU agent file

    Description: Checks for the presence of the QEMU guest agent, possibly to detect virtualization.

    TTPs: Query Registry; System Information Discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix

Columns: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1
behavioral1: 10/10
behavioral2: 10/10