Overview

overview

10

Static

static

lol.vbs

windows7-x64

10

lol.vbs

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    lol.vbs

  • Size

    61KB

  • Sample

    230201-g4wtpscb65

  • MD5

    3b49d86ad344fc3aabdef0ac04195e83

  • SHA1

    b3b4d0470260da2bcfe5fa9feaeb98c3b79a39fa

  • SHA256

    fe9dcf1de0b47950294a318a23cd37374483e6f6ac5eb6cfb941957a1fe04685

  • SHA512

    fc70a5e88d27faaf5add0b0b5ec6578f76017e59e3049b222bb5f8edae6139909c0a11d6aa78dc912bf0dc11617978f11ebee5475503a9c6ac9f11cd83c6b4be

  • SSDEEP

    1536:1hRQJFsWO0ZhVy02qDqPKviVvYeIcKxpC:14JGWO0hyLqDqPKKV1Db

Score
10/10
guloaderdownloader

Malware Config

Extracted

Language
ps1
Source
URLs
exe.dropper

https://drive.google.com/uc?export=download&id=1zVdm4TylTH05tqt2K3tMhxuhguEtNYmV

Targets

    • Target

      lol.vbs

    • Size

      61KB

    • MD5

      3b49d86ad344fc3aabdef0ac04195e83

    • SHA1

      b3b4d0470260da2bcfe5fa9feaeb98c3b79a39fa

    • SHA256

      fe9dcf1de0b47950294a318a23cd37374483e6f6ac5eb6cfb941957a1fe04685

    • SHA512

      fc70a5e88d27faaf5add0b0b5ec6578f76017e59e3049b222bb5f8edae6139909c0a11d6aa78dc912bf0dc11617978f11ebee5475503a9c6ac9f11cd83c6b4be

    • SSDEEP

      1536:1hRQJFsWO0ZhVy02qDqPKviVvYeIcKxpC:14JGWO0hyLqDqPKKV1Db

    Score
    10/10
    guloaderdownloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks