Overview

overview

10

Static

static

Factura.PDF.vbs

windows7-x64

10

Factura.PDF.vbs

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Factura.PDF.rar

  • Size

    203KB

  • Sample

    230130-ryjx3aag27

  • MD5

    9ddb31cf7f924a5d729182cc171003bc

  • SHA1

    4ff99d6e73bc571a93967eb7fb6ce442446aafb8

  • SHA256

    b63e47f43607cf318bb4d8d857f65e1a105b8a1b9cfc0e670a45c4730d44eb30

  • SHA512

    93d7f8c07ebc6afd5d70b38784f92c5c58ab6d386ec654d11274bde5806c6ab8a23a68714976e74f218dc7548b614e6409f0e85515f69cd877dbacdb7844eeb2

  • SSDEEP

    6144:oXtpVrfubin6I7s2H4TaJG78b0C8MABb6ZLb:o9p56osBdvrB2Zf

Score
10/10
guloaderdownloader

Malware Config

Targets

    • Target

      Factura.PDF.vbs

    • Size

      330KB

    • MD5

      ed0e0f21f05f2cb8532be52cc4662e68

    • SHA1

      e1e82fbd824112be8a18053a4c7475b78d64806c

    • SHA256

      02912e9095dd8683352dee911328ba880510bc366bf9d4a7a56355328b49e2a4

    • SHA512

      32286c555502e5eff6b0fa84d3f5de4953549bf253709deb535682817d4418fb9e7f6513686b42febe58238bbdbc52d604e559c32aeeefd7419f6accd12bf9ec

    • SSDEEP

      6144:ryK21aGtlv9NMLTReDutfjc6314t7ByaqOH9YNodCcmyvviq:rt2AclYkulIg12BT9Eo2Od

    Score
    10/10
    guloaderdownloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks