General
-
Target
Bruttotrkkenes.vbs
-
Size
193KB
-
Sample
230120-kcq1xsfc3s
-
MD5
df88bb66cf07e271ccb302345a7a10ea
-
SHA1
bd264a4d6934077bbfacd3fed6ef33c208a3bb24
-
SHA256
978c47eff37f0a6a36c883ff44d5a92fcfbcb679091ac4ad3bdc1dd3b8bbf08c
-
SHA512
6a9ef5159fba37f0ce828a279580c1fbc1d06a06cae4b791aa6f51f4631c207177dbb9fced9712e77fef1276b1668b2e87e3649de1b8e6abb1c4073e2d47e457
-
SSDEEP
6144:5x3QywdXgjxRajxV1D5fZIhmYSpqXJykD:/3Qe9R8V1D9ZIhmY1Jr
Malware Config
Targets
-
-
Target
Bruttotrkkenes.vbs
-
Size
193KB
-
MD5
df88bb66cf07e271ccb302345a7a10ea
-
SHA1
bd264a4d6934077bbfacd3fed6ef33c208a3bb24
-
SHA256
978c47eff37f0a6a36c883ff44d5a92fcfbcb679091ac4ad3bdc1dd3b8bbf08c
-
SHA512
6a9ef5159fba37f0ce828a279580c1fbc1d06a06cae4b791aa6f51f4631c207177dbb9fced9712e77fef1276b1668b2e87e3649de1b8e6abb1c4073e2d47e457
-
SSDEEP
6144:5x3QywdXgjxRajxV1D5fZIhmYSpqXJykD:/3Qe9R8V1D9ZIhmY1Jr
Score10/10-
Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
-
Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-