Overview

overview

10

Static

static

RFQ684863-...34.vbs

windows7-x64

10

RFQ684863-...34.vbs

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    RFQ684863-9559GR934.vbs

  • Size

    287KB

  • Sample

    221228-y698jsbe49

  • MD5

    58b358433271509d3efe72ef3b155145

  • SHA1

    ca7e96d94949ce0a4cad200000a0946b957d859f

  • SHA256

    20e37beeb1a1cddb7069c58f3c61438c47c15bba856f0e849812d78256dff6dc

  • SHA512

    f7f403c22832295537df5031dc8d1930eff9a5ef69d54f3bac1c9988c76d3ee456e1c9ad16ee853ed1692f61732adfbe45e2f4ac4d8eefa9e7991890357acbf9

  • SSDEEP

    6144:2NglXDitDfgrMEePig4Vqi0+VZultvayq8j8kGsmnuLlGq:sVTYMEePYVR0ya8fOGsmRq

Score
10/10
guloaderdownloader

Malware Config

Targets

    • Target

      RFQ684863-9559GR934.vbs

    • Size

      287KB

    • MD5

      58b358433271509d3efe72ef3b155145

    • SHA1

      ca7e96d94949ce0a4cad200000a0946b957d859f

    • SHA256

      20e37beeb1a1cddb7069c58f3c61438c47c15bba856f0e849812d78256dff6dc

    • SHA512

      f7f403c22832295537df5031dc8d1930eff9a5ef69d54f3bac1c9988c76d3ee456e1c9ad16ee853ed1692f61732adfbe45e2f4ac4d8eefa9e7991890357acbf9

    • SSDEEP

      6144:2NglXDitDfgrMEePig4Vqi0+VZultvayq8j8kGsmnuLlGq:sVTYMEePYVR0ya8fOGsmRq

    Score
    10/10
    guloaderdownloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks