General

  • Target

    statement_gateCSV0902221-22-10.doc

  • Size

    548KB

  • Sample

    220705-vrp3aadah8

  • MD5

    b0f5d6be788659aad5a859d61af1ba94

  • SHA1

    daa8f29996e3bbc742d1d914befb0edc67057290

  • SHA256

    434720a8844eb8f5f8f6eb6323c53a7776d3979a52c4214d1c2b0a4331db9ad0

  • SHA512

    dafdffafe50cf43616b98fce60c8e507dcd2a93a599d18142d4c40cec523c1800679ced2af43e8faa2f7f3a970e011918dca595e6f6352796d6447692aea670c

Malware Config

Targets

    • Guloader,Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Netwire

      Netwire is a RAT whose main functionality is focused on password stealing and keylogging, but it also includes remote control capabilities.

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks