Overview

overview

10

Static

static

PO#86349VG...01.vbs

windows7-x64

10

PO#86349VG...01.vbs

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PO#86349VGK=8WRKJF0046_REV001.vbs

  • Size

    291KB

  • Sample

    221227-eav9zahd5z

  • MD5

    f91002ce77e413acca9ee0995498c6a0

  • SHA1

    8de92955b70e18485da163f42527b5dbfd7a8df9

  • SHA256

    775f86f09403e354f445ddc2e0eea754dae45f990991254b5f9ad272cd7c44c5

  • SHA512

    3a675b4deee348c86346c35e96aaad283a11f700817c199c49e5b7a2abc422e4f2c91a4c9f0d61a94b1a7801a1ace354a249a8648b4f9a057de067cbbb736e8e

  • SSDEEP

    6144:VfuU9KAwyiMn0Lq8cJl+98PXM1lunYPs7S:4UUAwlM0JcJDSPB

Score
10/10
guloaderdownloader

Malware Config

Targets

    • Target

      PO#86349VGK=8WRKJF0046_REV001.vbs

    • Size

      291KB

    • MD5

      f91002ce77e413acca9ee0995498c6a0

    • SHA1

      8de92955b70e18485da163f42527b5dbfd7a8df9

    • SHA256

      775f86f09403e354f445ddc2e0eea754dae45f990991254b5f9ad272cd7c44c5

    • SHA512

      3a675b4deee348c86346c35e96aaad283a11f700817c199c49e5b7a2abc422e4f2c91a4c9f0d61a94b1a7801a1ace354a249a8648b4f9a057de067cbbb736e8e

    • SSDEEP

      6144:VfuU9KAwyiMn0Lq8cJl+98PXM1lunYPs7S:4UUAwlM0JcJDSPB

    Score
    10/10
    guloaderdownloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks