General

  • Target

    PO_Request_Songsan08022023.vbs

  • Size

    415KB

  • Sample

    230209-yx3gcabd8w

  • MD5

    304ef3925d5877d7e455c42568472720

  • SHA1

    8797b52b425ff5b62aa3a15ddf8c77fc4cf48542

  • SHA256

    79ae4e6797db31dc04ebb54ae5b24b248a556905b4ebc05014a4d4cefa130bf7

  • SHA512

    e752cba3cd7f3a2fa872b6a3f2938a8ef871d08fc7cce6cc3b727c5baede5c7505756844611390440306b9308be4e0914e7c825166e13d53ae0903cd4d6f2a57

  • SSDEEP

    12288:kVAT53NUeHP2NZEanDiSQkIPGl75+Y45ee1Ww4:P1h+nnOyIPG5sY45eeAw4

Score
10/10
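The hashes above are the report's file IOCs. The following is an added example, not part of the sandbox report or of any vendor tooling, showing how to ingest such a report block programmatically: it parses the bullet/value layout, validates that each digest is well-formed (a truncated copy/paste is the most common way an IOC silently stops matching), and compares arbitrary bytes against the record using all four algorithms at once, so that a record whose digests disagree with each other is rejected rather than trusted. The embedded REPORT_TEXT is a constructed copy of the values on this page; ssdeep is only checked for shape, since fuzzy comparison needs the external ssdeep library.

```python
"""Ingest the hash IOCs from a Triage-style report and match files against them."""
import hashlib
import re
from typing import Dict, List, Optional

# Constructed inline copy of the report's General section (values taken from this page).
REPORT_TEXT = """
  • Target

    PO_Request_Songsan08022023.vbs

  • Size

    415KB

  • MD5

    304ef3925d5877d7e455c42568472720

  • SHA1

    8797b52b425ff5b62aa3a15ddf8c77fc4cf48542

  • SHA256

    79ae4e6797db31dc04ebb54ae5b24b248a556905b4ebc05014a4d4cefa130bf7

  • SHA512

    e752cba3cd7f3a2fa872b6a3f2938a8ef871d08fc7cce6cc3b727c5baede5c7505756844611390440306b9308be4e0914e7c825166e13d53ae0903cd4d6f2a57

  • SSDEEP

    12288:kVAT53NUeHP2NZEanDiSQkIPGl75+Y45ee1Ww4:P1h+nnOyIPG5sY45eeAw4
"""

# Expected hex length of each digest; a mismatch usually means a truncated copy/paste.
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def parse_report(text: str) -> Dict[str, str]:
    """Turn the bullet/value layout into a flat dict keyed by lower-cased field name."""
    fields: Dict[str, str] = {}
    key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):
            key = line.lstrip("• ").strip().lower()  # "• SHA256" -> "sha256"
        elif key is not None:
            fields[key] = line  # first non-blank line after a bullet is its value
            key = None
    return fields


def validate_hashes(fields: Dict[str, str]) -> List[str]:
    """Return the names of digest fields that are not well-formed (wrong length or non-hex)."""
    bad: List[str] = []
    for name, length in HEX_LEN.items():
        if not re.fullmatch(r"[0-9a-f]{%d}" % length, fields.get(name, "").lower()):
            bad.append(name)
    # ssdeep is blocksize:chunk:double_chunk with a base64 alphabet; shape check only.
    if not re.fullmatch(r"\d+:[A-Za-z0-9+/]+:[A-Za-z0-9+/]+", fields.get("ssdeep", "")):
        bad.append("ssdeep")
    return bad


def digests(data: bytes) -> Dict[str, str]:
    """Compute every digest the report carries, so all of them can be compared at once."""
    return {name: hashlib.new(name, data).hexdigest() for name in HEX_LEN}


def match_bytes(data: bytes, iocs: Dict[str, str]) -> Dict[str, bool]:
    """Per-algorithm comparison of data against the report's digests."""
    computed = digests(data)
    return {name: computed[name] == iocs.get(name, "").lower() for name in HEX_LEN}


def is_match(data: bytes, iocs: Dict[str, str]) -> bool:
    """True if data is the reported sample. A partial hit (some algorithms agree, others
    do not) means the IOC record itself is corrupted, so it is an error, not a match."""
    results = match_bytes(data, iocs)
    hits = [name for name, ok in results.items() if ok]
    if hits and len(hits) != len(results):
        raise ValueError(f"inconsistent IOC record: only {hits} matched")
    return bool(hits)


if __name__ == "__main__":
    iocs = parse_report(REPORT_TEXT)
    print("malformed fields:", validate_hashes(iocs))
    print("empty file matches sample:", is_match(b"", iocs))
```

To check a real file, read it as bytes and pass it to is_match; the all-or-nothing rule is deliberate, because an IOC feed that has lost a character in one digest is worse than none at all.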

Malware Config

Targets

    • Target

      PO_Request_Songsan08022023.vbs

    • GuLoader, CloudEyE

      A shellcode-based downloader first seen in 2020.

    • Blocklisted process makes network request

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calls NtSetInformationThread with ThreadHideFromDebugger, which stops the thread's debug events from reaching an attached debugger, a common anti-analysis step.

    • Suspicious use of SetThreadContext

      Rewrites the register context of another thread, the usual way to redirect a suspended thread into injected code (process hollowing or thread hijacking).

MITRE ATT&CK Enterprise v6

Tasks