Overview

overview

10

Static

static

8

evil.doc

windows10-2004_x64

10

Resubmissions

04-07-2022 18:03

220704-wnazmaceg3 10

04-07-2022 17:47

220704-wc2yzaceb9 8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    evil.doc

  • Size

    534KB

  • Sample

    220704-wnazmaceg3

  • MD5

    18cfa7d7480f836e32b024bbb6400f2f

  • SHA1

    dd643576cc4a8012a6c48c73fb625e5c44d3b371

  • SHA256

    2beb372c916528fc943ad19a8e02729979cae0eae9f1f56f478f5240d2492b81

  • SHA512

    2389b80ae93431b3c8b6896cf9597980a956d708009dbae76dbbf933eb96378a50f877d6b59315612aaf5295ba9f06fc3c00e301c47c66d7d3654d3ac0b75421

Score
10/10
guloadernetwirebotnetdownloadermacromacro_on_actionstealer

Malware Config

Targets

    • Target

      evil.doc

    • Size

      534KB

    • MD5

      18cfa7d7480f836e32b024bbb6400f2f

    • SHA1

      dd643576cc4a8012a6c48c73fb625e5c44d3b371

    • SHA256

      2beb372c916528fc943ad19a8e02729979cae0eae9f1f56f478f5240d2492b81

    • SHA512

      2389b80ae93431b3c8b6896cf9597980a956d708009dbae76dbbf933eb96378a50f877d6b59315612aaf5295ba9f06fc3c00e301c47c66d7d3654d3ac0b75421

    Score
    10/10
    guloadernetwirebotnetdownloaderstealer

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Netwire

      Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.

      botnetstealernetwire

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks