General

  • Target

    destinations.xlsx

  • Size

    339KB

  • Sample

    211014-gakvcagcd9

  • MD5

    a4bb01370caeb6363f6dc7923585481e

  • SHA1

    3eff08923d9b179edcc99fe52d95a46755eac939

  • SHA256

    c45eacade4845c8cf141724b92d6fd4401d30233b18b17e295d2d7a9a8944c40

  • SHA512

    0e361f54ff22f9d8ca6315ef7bd85734a55f982a4e7f1f021dadddbbf1a8802f8f68d17ada8a90faa4a351a282aaa915f92738d0eb2b968a6b947e1ded318570

Score
10/10

Malware Config

Targets

    Score
    10/10
    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

MITRE ATT&CK Matrix (ATT&CK v6)

Execution

  • Scripting (T1064): 1

  • Exploitation for Client Execution (T1203): 1

Defense Evasion

  • Scripting (T1064): 1

  • Modify Registry (T1112): 1

Discovery

  • Query Registry (T1012): 2

  • System Information Discovery (T1082): 2

Tasks