General

  • Target

    ConfirmingPagadas.vbs

  • Size

    332KB

  • Sample

    230201-slrmtaac73

  • MD5

    90b20f23d77c3dfd4ebad8538a5c4284

  • SHA1

    c6f9c9c3261e0ae23fd9310fc717fd2854c65c41

  • SHA256

    fd981dec6198cda93c6d0cecc8891612efbcab4731461d7b6b9b42fdc3831a54

  • SHA512

    62234df693e5eb24e1fe9a218c83aaf439d328b64c185b6638ec193649199739f1c1dcd14cbccf7a232efa0108130393edebca6a59e7e2704ebdd2a20cf779bb

  • SSDEEP

    6144:hvFUdh1+32YLjSuRCMF7x9N6t3CeLVVZw6POOonCfONYUzrW66do+wY:hvFIh03dLjfRCMZg3CeZDbP3FsC6ytwY

Score
10/10

Malware Config

Targets

    • Target

      ConfirmingPagadas.vbs (332KB; MD5, SHA1, SHA256, SHA512 and SSDEEP hashes as listed under General above)

    Score
    10/10
    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

MITRE ATT&CK Matrix

  Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation (no techniques are populated under any column in this extract)

                        Tasks