Overview

overview

10

Static

static

Facturas P...DF.vbs

windows10-1703-x64

8

Facturas P...DF.vbs

windows7-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    230202-l17t1shf6x_pw_infected.zip

  • Size

    204KB

  • Sample

    230202-l92dlahf8v

  • MD5

    742f48459a719722f2b1b9e610162048

  • SHA1

    bf5295f4f08a4f7a983d714e1b5f1663a4e61565

  • SHA256

    e7a3e086273fe64376d56f728f4b0a8a48d1725e85bb2ae5ec6b3064a5ba2169

  • SHA512

    dd0ac58f9747ac00edc14a518803d59a1044b9ea3f3721c4be4a83fbfb93eefed9b28cb2f210e07cc390a164c14b685b68d8bebdcc75850b542d13c0e2854100

  • SSDEEP

    6144:Zllo6MJkmdfen9U2SsXeMw6xAmcBBA6LCYEX:Zvsk5uZmKJCYU

Score
10/10
guloaderdownloader

Malware Config

Targets

    • Target

      Facturas Pagadas al Vencimiento.PDF.vbs

    • Size

      323KB

    • MD5

      a2b0e27953e18f84f131b68845ae040a

    • SHA1

      4958961105a49b0898713976208333fffcc2b3f0

    • SHA256

      64ceea761d30bc6d34cfca690e12bb3397756598b684b28446d3c7767f0468ec

    • SHA512

      3b834efbea8a68eeecb7ad3ed5f9f5913ceba3014a1459b3c9b3298134888d3d9ee5b7ae451a07590bf18649a8f793081da8ef5bf9be693448f2b8dd6c6f9943

    • SSDEEP

      6144:x+K5nT4YLJ+5GMT2O9L+qEik6G0yzwLE9yjd4fX+RlMx7s9fOuRKYb2:x+LYLJ+AMuh6Gd8EkjdIX+3Mx7DucYb2

    Score
    10/10
    guloaderdownloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

          Discovery

          Execution

            Exfiltration

              Impact

                Initial Access

                  Lateral Movement

                    Persistence

                      Privilege Escalation

                        Tasks