destinations.xlsx

General

Target: destinations.xlsx
Size: 339KB
Sample: 211014-gakvcagcd9
Score: 10/10
MD5: a4bb01370caeb6363f6dc7923585481e
SHA1: 3eff08923d9b179edcc99fe52d95a46755eac939
SHA256: c45eacade4845c8cf141724b92d6fd4401d30233b18b17e295d2d7a9a8944c40
SHA512: 0e361f54ff22f9d8ca6315ef7bd85734a55f982a4e7f1f021dadddbbf1a8802f8f68d17ada8a90faa4a351a282aaa915f92738d0eb2b968a6b947e1ded318570

Signatures

  • Guloader, Cloudeye
    Description: A shellcode-based downloader first seen in 2020.

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Uses the VBS compiler for execution
    TTPs: Scripting
MITRE ATT&CK Matrix

Collection | Command and Control | Credential Access | Defense Evasion | Exfiltration | Impact | Initial Access | Lateral Movement | Persistence | Privilege Escalation

Tasks

  • static1

  • behavioral1: 10/10

  • behavioral2: 1/10