General

Target: Document#749450pdf.exe
Size: 657KB
Sample: 230202-hx815afd79
MD5: 15ae90fffd2f5fd0d3c28fdb6a1ed0b5
SHA1: 4fd3d2470cd1c1e83bdac50ba103b1550fd5c1b9
SHA256: c2882a42e9ad87ef5260d3299307dae39af71853c75b44441c0dec497bc5c175
SHA512: 6491b03ecaceacf0a1d75ac93a65e0ad03bf2e70c45dece60ef9d1cd3b8c3c691de1a13dd713c4f78b0a8a140e336c5344acd6f67ee1eacd799bad51bdba004b
SSDEEP: 12288:b7EWNDJccwIWYh7jQofzmAuPMrkQUmGjbPhYYHNZcVbOcNjRtBnMAr87:MUlyYtjQG7uPMrkqnYt6OsNfC7

Note the file name: it ends in pdf.exe, so this is an executable (.exe) carrying a PDF-looking name as a lure, and it was analysed as an executable, not as a document.
Static task: static1

Behavioral task: behavioral1
Sample: Document#749450pdf.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: Document#749450pdf.exe
Resource: win10v2004-20221111-en
Malware Config

Targets
Target: Document#749450pdf.exe
Size: 657KB
Hashes (MD5, SHA1, SHA256, SHA512, SSDEEP): same values as listed under General above.
Score: 10/10

- Checks QEMU agent file: checks for the presence of the QEMU guest agent, possibly to detect virtualization.
- Loads dropped DLL
- Adds Run key to start application: registry Run-key persistence.
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate installed software.
- Legitimate hosting services abused for malware hosting/C2 (the report does not name the service).
- Suspicious use of NtCreateThreadExHideFromDebugger: a thread created with THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER, so it never reports debug events to an attached debugger.
- Suspicious use of NtSetInformationThreadHideFromDebugger: NtSetInformationThread with the ThreadHideFromDebugger information class, an anti-debugging technique.
- Suspicious use of SetThreadContext: an API commonly used for thread hijacking and process hollowing; the report does not state which process was targeted.
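To make explicit what each of the listed behavioural signatures keys on, here is an added example (not the sandbox's own detection code) that re-derives six of them from an API-call trace. The trace format (one JSON object per line with an "api" name and an "args" map) and the sample trace lines are constructed for this example; the QEMU agent path is an assumption, since the report does not name the file it looked for. The constants THREAD_HIDE_FROM_DEBUGGER (0x11) and THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER (0x4) are the documented NT values. "Loads dropped DLL" and the hosting-service abuse are not covered because they require file-drop and network correlation that a single call cannot show.

```python
"""Re-derive sandbox signatures from an API-call trace.

Added example, not the sandbox's own code. The trace format and the sample
lines below are constructed for illustration.
"""
import json
import re

# Documented NT values: ThreadInformationClass 0x11 and NtCreateThreadEx flag 0x4.
THREAD_HIDE_FROM_DEBUGGER = 0x11
THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER = 0x4

# Assumed location of the QEMU guest agent (the report does not name the path).
QEMU_AGENT_PATHS = {r"c:\program files\qemu-ga\qemu-ga.exe"}

# Registry paths for Run-key persistence and the Uninstall inventory key.
RUN_KEY_RE = re.compile(r"\\software\\microsoft\\windows\\currentversion\\run(once)?$", re.I)
UNINSTALL_KEY_RE = re.compile(
    r"\\software\\(wow6432node\\)?microsoft\\windows\\currentversion\\uninstall", re.I)


def classify_call(call):
    """Return the set of signature names one API call triggers."""
    hits = set()
    api = call.get("api", "")
    args = call.get("args", {})
    if api in ("GetFileAttributesW", "CreateFileW", "NtQueryAttributesFile"):
        if args.get("path", "").lower() in QEMU_AGENT_PATHS:
            hits.add("Checks QEMU agent file")
    if api in ("RegSetValueExW", "NtSetValueKey") and RUN_KEY_RE.search(args.get("key", "")):
        hits.add("Adds Run key to start application")
    if api in ("RegOpenKeyExW", "RegEnumKeyExW", "NtOpenKey") and UNINSTALL_KEY_RE.search(args.get("key", "")):
        hits.add("Checks installed software on the system")
    if api == "NtSetInformationThread" and args.get("info_class") == THREAD_HIDE_FROM_DEBUGGER:
        hits.add("Suspicious use of NtSetInformationThreadHideFromDebugger")
    if api == "NtCreateThreadEx" and args.get("flags", 0) & THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER:
        hits.add("Suspicious use of NtCreateThreadExHideFromDebugger")
    if api == "SetThreadContext":
        hits.add("Suspicious use of SetThreadContext")
    return hits


def scan_trace(lines):
    """Map each triggered signature to the indices of the calls that fired it."""
    findings = {}
    for idx, line in enumerate(lines):
        if not line.strip():
            continue
        for name in classify_call(json.loads(line)):
            findings.setdefault(name, []).append(idx)
    return findings


# Constructed trace: five malicious-looking calls mixed with two benign ones.
SAMPLE_TRACE = [
    r'{"api": "GetFileAttributesW", "args": {"path": "C:\\Program Files\\Qemu-ga\\qemu-ga.exe"}}',
    r'{"api": "NtSetInformationThread", "args": {"info_class": 17}}',
    r'{"api": "NtCreateThreadEx", "args": {"flags": 4}}',
    r'{"api": "RegOpenKeyExW", "args": {"key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall"}}',
    r'{"api": "RegSetValueExW", "args": {"key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", "value": "Document"}}',
    r'{"api": "RegOpenKeyExW", "args": {"key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"}}',
    r'{"api": "SetThreadContext", "args": {"thread": 1234}}',
    r'{"api": "NtSetInformationThread", "args": {"info_class": 2}}',
]


def demo():
    """Scan the constructed trace; returns {signature: [call indices]}."""
    return scan_trace(SAMPLE_TRACE)


if __name__ == "__main__":
    for name, idxs in sorted(demo().items()):
        print(f"{name}: calls {idxs}")
```

The benign lines (an Explorer key open and a priority change with info_class 2) are there to show that the rules key on the specific registry path and information class, not on the API name alone; only SetThreadContext is flagged on name alone, which is why that signature carries the "suspicious use" qualifier rather than a verdict.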
MITRE ATT&CK Matrix

Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation. No technique IDs are listed on this page.