General
-
Target
Filmist.vbs
-
Size
244KB
-
Sample
230116-jcdvxsfc8t
-
MD5
2bea6452110dc15a82c1ce2338ae9303
-
SHA1
a7468ff05aefc19fb775b680c2a8b26c231f34c6
-
SHA256
74aa007c5b52850273540fb6d8906c019348bfa166a4584afae57c50db7acb67
-
SHA512
b455aa7dc3ff311b40bc6f3b6a0cf3a2176f2d731b0811917337706387969e3aa1cb7ab3dd6ccbde33bd7ed17e8550ab97209deb29b68ee26f439935d992aec6
-
SSDEEP
6144:d0zI6PKjafngmtPaxbpuiaGmlZqgK9YPJuTYPfk5:+z5iOfngmtPaBpuiUlhBLfk5
Malware Config
Targets
-
-
Target
Filmist.vbs
-
Size
244KB
-
MD5
2bea6452110dc15a82c1ce2338ae9303
-
SHA1
a7468ff05aefc19fb775b680c2a8b26c231f34c6
-
SHA256
74aa007c5b52850273540fb6d8906c019348bfa166a4584afae57c50db7acb67
-
SHA512
b455aa7dc3ff311b40bc6f3b6a0cf3a2176f2d731b0811917337706387969e3aa1cb7ab3dd6ccbde33bd7ed17e8550ab97209deb29b68ee26f439935d992aec6
-
SSDEEP
6144:d0zI6PKjafngmtPaxbpuiaGmlZqgK9YPJuTYPfk5:+z5iOfngmtPaBpuiUlhBLfk5
Score10/10-
Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
-
Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-