General
Target: Facturas Pagadas al Vencimiento.PDF.vbs
Size: 323KB
Sample: 230202-l17t1shf6x
MD5: a2b0e27953e18f84f131b68845ae040a
SHA1: 4958961105a49b0898713976208333fffcc2b3f0
SHA256: 64ceea761d30bc6d34cfca690e12bb3397756598b684b28446d3c7767f0468ec
SHA512: 3b834efbea8a68eeecb7ad3ed5f9f5913ceba3014a1459b3c9b3298134888d3d9ee5b7ae451a07590bf18649a8f793081da8ef5bf9be693448f2b8dd6c6f9943
SSDEEP: 6144:x+K5nT4YLJ+5GMT2O9L+qEik6G0yzwLE9yjd4fX+RlMx7s9fOuRKYb2:x+LYLJ+AMuh6Gd8EkjdIX+3Mx7DucYb2
Static task: static1
Behavioral task: behavioral1
Sample: Facturas Pagadas al Vencimiento.PDF.vbs
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: Facturas Pagadas al Vencimiento.PDF.vbs
Resource: win10v2004-20220812-en
Malware Config
Targets
Target: Facturas Pagadas al Vencimiento.PDF.vbs
Score: 10/10
Blocklisted process makes network request
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation