Overview

overview

10

Static

static

1

ConfirmingPagadas.vbs

windows7-x64

10

ConfirmingPagadas.vbs

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ConfirmingPagadas.vbs

  • Size

    347KB

  • Sample

    230207-rxexqacb77

  • MD5

    f11b79c769c9a90b99c94c67cb4f65ad

  • SHA1

    6b240b312e2f82ed5153f6576e292149b5864e92

  • SHA256

    371b09b2c178417073fe144d59c489dd2aa6dcf857f2c79bc289b88e2be690bd

  • SHA512

    84a808c49434903f710bbe6617cf92c7bcb0f90e387c06b03cdbdc16e369b62bf9e32355ad3da8a6175e694e1b82cb204c181b831ddda255b3b0ab22ba542a5c

  • SSDEEP

    6144:Z9q7eWOWb153bxobtFhLduPYQSGFkqzPHpx4H8hp9:fqTlD3lobhLdWN9TnC8b9

Score
10/10
guloaderdownloader

Malware Config

Targets

    • Target

      ConfirmingPagadas.vbs

    • Size

      347KB

    • MD5

      f11b79c769c9a90b99c94c67cb4f65ad

    • SHA1

      6b240b312e2f82ed5153f6576e292149b5864e92

    • SHA256

      371b09b2c178417073fe144d59c489dd2aa6dcf857f2c79bc289b88e2be690bd

    • SHA512

      84a808c49434903f710bbe6617cf92c7bcb0f90e387c06b03cdbdc16e369b62bf9e32355ad3da8a6175e694e1b82cb204c181b831ddda255b3b0ab22ba542a5c

    • SSDEEP

      6144:Z9q7eWOWb153bxobtFhLduPYQSGFkqzPHpx4H8hp9:fqTlD3lobhLdWN9TnC8b9

    Score
    10/10
    guloaderdownloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks