Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

SKMBT_8812202816310TD01_20230128_17355 XLS.vbs
Size

62KB
Sample

230201-kcfvysce88
MD5

b1b4116585f8ad91d96392d0b931f317
SHA1

74c7f75227bac7df1cd2098f30727ddd21cd5b77
SHA256

c5fdd2b1883246a188a2410bb276961732718a76e5d380ef8fe1db8e05f72915
SHA512

cfe7f0b12f821d13fdbde559d0b86a9fd845d64b3d63628f08e16fb430c70ca706148157c4de09e607aa15bc9efb4dac2089e9c2ca5f5064130c7e1d9057c8b4
SSDEEP

1536:F3EyvLpylJpwwY9qdH7W78MUOp/dWvEVWE/d:F/v1ylJWwyqdH7W7HUgdAE4g

Score

10^/10

guloader downloader

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

https://drive.google.com/uc?export=download&id=1zVdm4TylTH05tqt2K3tMhxuhguEtNYmV

Targets

- Target
  
  SKMBT_8812202816310TD01_20230128_17355 XLS.vbs
- Size
  
  62KB
- MD5
  
  b1b4116585f8ad91d96392d0b931f317
- SHA1
  
  74c7f75227bac7df1cd2098f30727ddd21cd5b77
- SHA256
  
  c5fdd2b1883246a188a2410bb276961732718a76e5d380ef8fe1db8e05f72915
- SHA512
  
  cfe7f0b12f821d13fdbde559d0b86a9fd845d64b3d63628f08e16fb430c70ca706148157c4de09e607aa15bc9efb4dac2089e9c2ca5f5064130c7e1d9057c8b4
- SSDEEP
  
  1536:F3EyvLpylJpwwY9qdH7W78MUOp/dWvEVWE/d:F/v1ylJWwyqdH7W7HUgdAE4g
Score

10^/10

guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Web Service

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

behavioral1

guloaderdownloader

behavioral2