Overview

overview

10

Static

static

Facturas ...DF.vbs

windows7-x64

10

Facturas ...DF.vbs

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Facturas Pagadas al Vencimiento.PDF.rar

  • Size

    203KB

  • Sample

    230130-pjskjsbh9s

  • MD5

    3838bce6dee836f879ad1a102bcd3aa2

  • SHA1

    ab08a52353ea3c639a9a8ce53b27a818362489df

  • SHA256

    91ea91b3f006593dc14e137020808f7cdb1114a33da040575ebca93824447f94

  • SHA512

    c15e3fe98f82b6b9d046c0cf76e949ba73ecaa69134761f52152863fcbf607de5fc7ff1450e3049fde5e8c00bd66d7aa8303ee685f9bb13ed5704b3e8ef95c0e

  • SSDEEP

    6144:YXtpfrfuL4Mv5WGTqZJ1teDYCPJMOT1RBGb6kSJ+:Y9pfGTUhhCPuc1RM2U

Score
10/10
guloaderdownloader

Malware Config

Targets

    • Target

      Facturas Pagadas al Vencimiento.PDF.vbs

    • Size

      330KB

    • MD5

      ed0e0f21f05f2cb8532be52cc4662e68

    • SHA1

      e1e82fbd824112be8a18053a4c7475b78d64806c

    • SHA256

      02912e9095dd8683352dee911328ba880510bc366bf9d4a7a56355328b49e2a4

    • SHA512

      32286c555502e5eff6b0fa84d3f5de4953549bf253709deb535682817d4418fb9e7f6513686b42febe58238bbdbc52d604e559c32aeeefd7419f6accd12bf9ec

    • SSDEEP

      6144:ryK21aGtlv9NMLTReDutfjc6314t7ByaqOH9YNodCcmyvviq:rt2AclYkulIg12BT9Eo2Od

    Score
    10/10
    guloaderdownloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks