Overview

overview

10

Static

static

PROFORMA F...df.exe

windows7-x64

7

PROFORMA F...df.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PROFORMA FATURA. Purchase Order. CINVPO202211120000023101.pdf.exe

  • Size

    513KB

  • Sample

    221221-k6q8safa8x

  • MD5

    a52478e75fbb20e4d0c2de385db1b3ce

  • SHA1

    ed9a76bd4c286c2b7ffa7b0bf5b66db2a1eb1088

  • SHA256

    88784edc4183537c005102816de40a74499b1261a416eb02fcf1dbcc634b349b

  • SHA512

    d2e0abab3c5bc436f2131d231761ba2539a9280781b3fa7eeac3f6a4a8c9d38c7d5d0ccdea952c5c2fe91e0803467eef1a583defedf7e7efd4d561d5d2d31d1c

  • SSDEEP

    12288:L3LuHzF7bje6/+3lRe+Q3JRtB1Ir/YJGPm030VDbHQ:WTF7PK3lRe+W5D8/YguHQ

Score
10/10
guloaderdiscoverydownloader

Malware Config

Targets

    • Target

      PROFORMA FATURA. Purchase Order. CINVPO202211120000023101.pdf.exe

    • Size

      513KB

    • MD5

      a52478e75fbb20e4d0c2de385db1b3ce

    • SHA1

      ed9a76bd4c286c2b7ffa7b0bf5b66db2a1eb1088

    • SHA256

      88784edc4183537c005102816de40a74499b1261a416eb02fcf1dbcc634b349b

    • SHA512

      d2e0abab3c5bc436f2131d231761ba2539a9280781b3fa7eeac3f6a4a8c9d38c7d5d0ccdea952c5c2fe91e0803467eef1a583defedf7e7efd4d561d5d2d31d1c

    • SSDEEP

      12288:L3LuHzF7bje6/+3lRe+Q3JRtB1Ir/YJGPm030VDbHQ:WTF7PK3lRe+W5D8/YguHQ

    Score
    10/10
    discoveryguloaderdownloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks