Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

ConfirmingPagadas.vbs
Size

336KB
Sample

230130-se2jface3s
MD5

79acd11b5a893879f66b942c0255551a
SHA1

75381aca76a61771c8ddf87cb252d1cf937e4c7e
SHA256

e5d6f178c8ec39b38a9442d916430df30ad8d92b758275d46771826c73da4ffb
SHA512

3173052287d46b61c88047f7f42d383db64f806555fe50014fa9a3e50c9b925dfedc3db00acfa6dfdd743e483f26ce31b86d8e163206f38833a994ff5145184e
SSDEEP

6144:34zwC+tkObBKZ07RzugITV4E0xMnYm2xoOhegBgjTnd0:3s+trtKZ07BdsZYlhhewGTn6

Score

10^/10

guloader downloader

Malware Config

Targets

- Target
  
  ConfirmingPagadas.vbs
- Size
  
  336KB
- MD5
  
  79acd11b5a893879f66b942c0255551a
- SHA1
  
  75381aca76a61771c8ddf87cb252d1cf937e4c7e
- SHA256
  
  e5d6f178c8ec39b38a9442d916430df30ad8d92b758275d46771826c73da4ffb
- SHA512
  
  3173052287d46b61c88047f7f42d383db64f806555fe50014fa9a3e50c9b925dfedc3db00acfa6dfdd743e483f26ce31b86d8e163206f38833a994ff5145184e
- SSDEEP
  
  6144:34zwC+tkObBKZ07RzugITV4E0xMnYm2xoOhegBgjTnd0:3s+trtKZ07BdsZYlhhewGTn6
Score

10^/10

guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

behavioral1

guloaderdownloader

behavioral2