General

  • Target

    0034fce6ab0a05dca93fbf84cc933bd2.bin

  • Size

    609KB

  • Sample

    230213-bcmttshg26

  • MD5

    d655be06c44519615355b26c9e2331c6

  • SHA1

    e96b85d728b14b80121abd44f086b4b703c9cbbd

  • SHA256

    7ded0823fe4911f4131276e603c3da24ebde856775f6d334e8cc850c9e18e6af

  • SHA512

    c5b40be0651172432d4111863621b3e58b615e4f848c933b646ba50cbcb2cbfed39d76f99df124386fd6eeb1945dd18a2f6ed856b27282a9ed28db3353b3b166

  • SSDEEP

    12288:x9wcfHwikQqOEixarueDW/lAP9VIxZo15fOxZmzp/rQ32Z6CQcdE2ReDWh:JlkQHbxyP0lAExS5OAp/r6JtBDWh

Malware Config

Targets

    • Target

      18b1abba90cf4a74b7216b91f02febb1c8694113f5ddc3507fd35b66253bcb83.exe

    • Size

      873KB

    • MD5

      0034fce6ab0a05dca93fbf84cc933bd2

    • SHA1

      b1614b89fd423326696a6dbaf40c56f82732f472

    • SHA256

      18b1abba90cf4a74b7216b91f02febb1c8694113f5ddc3507fd35b66253bcb83

    • SHA512

      5c76e1dbf491051d08d2e679e284168086473ea57b84762f5cb22ff33f067806faf9bf55edd42f90fe7d3838d9d654a3918e64df10c9ceba34cf5aedf21370d8

    • SSDEEP

      24576:PuHL2plae9Fplb2MnJNhdjLiDueXf98l8mkyvl:kelaezHJO/8l8mkyvl

    • GuLoader, CloudEyE

      A shellcode-based downloader first seen in 2020.

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
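Before reproducing any of the signatures above, a practitioner wants to confirm that the files on disk are the two this report describes: the 609KB container and the 873KB executable it holds. The following Python is an added example, not part of the report or of the sandbox's own tooling. It hashes an input and, when the input is a ZIP container, every file inside it, matches each against the report's hash table by SHA256, and flags any disagreement in the remaining digests. It assumes the .bin container is a ZIP archive (the report does not say what the container format is; non-ZIP input is simply hashed as-is), and `make_zip` builds a constructed in-memory archive so the script can be exercised offline.

```python
"""Check sample files on disk against the hashes in a sandbox report.

Added example; not part of the report or the sandbox's tooling. Assumes
the .bin container is a ZIP archive (an assumption; the report does not
state the container format). Non-ZIP input is hashed as-is.
"""
import hashlib
import io
import sys
import zipfile
from typing import Dict, List, Optional, Tuple

# Expected values copied from the report above (SHA512 omitted for brevity;
# add it to the per-file dicts in the same way to check it too).
REPORT_HASHES: Dict[str, Dict[str, str]] = {
    "0034fce6ab0a05dca93fbf84cc933bd2.bin": {
        "md5": "d655be06c44519615355b26c9e2331c6",
        "sha1": "e96b85d728b14b80121abd44f086b4b703c9cbbd",
        "sha256": "7ded0823fe4911f4131276e603c3da24ebde856775f6d334e8cc850c9e18e6af",
    },
    "18b1abba90cf4a74b7216b91f02febb1c8694113f5ddc3507fd35b66253bcb83.exe": {
        "md5": "0034fce6ab0a05dca93fbf84cc933bd2",
        "sha1": "b1614b89fd423326696a6dbaf40c56f82732f472",
        "sha256": "18b1abba90cf4a74b7216b91f02febb1c8694113f5ddc3507fd35b66253bcb83",
    },
}

ALGOS = ("md5", "sha1", "sha256", "sha512")


def digest_bytes(data: bytes) -> Dict[str, str]:
    """Hex digests of a byte string under every algorithm the report lists."""
    return {a: hashlib.new(a, data).hexdigest() for a in ALGOS}


def digest_file(path: str, chunk: int = 1 << 20) -> Dict[str, str]:
    """Stream a file through all hashers so large samples are not held in memory."""
    hashers = {a: hashlib.new(a) for a in ALGOS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {a: h.hexdigest() for a, h in hashers.items()}


def unpack(data: bytes, pwd: Optional[bytes] = None) -> List[Tuple[str, bytes]]:
    """(name, bytes) for each file in a ZIP container; [] if the input is not a ZIP.

    Only ZipCrypto passwords (the usual "infected") are supported by zipfile;
    AES-encrypted archives must be extracted with another tool first.
    """
    if not data.startswith(b"PK\x03\x04"):
        return []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [(i.filename, zf.read(i, pwd=pwd)) for i in zf.infolist() if not i.is_dir()]


def mismatches(observed: Dict[str, str], expected: Dict[str, str]) -> List[str]:
    """Algorithms whose observed digest differs from the report's value."""
    return [a for a, want in expected.items() if observed.get(a, "").lower() != want.lower()]


def identify(observed: Dict[str, str], table: Dict[str, Dict[str, str]]) -> Optional[str]:
    """Report entry whose SHA256 equals the observed one, or None if unknown."""
    for name, expected in table.items():
        if observed["sha256"] == expected["sha256"].lower():
            return name
    return None


def verify_blob(data: bytes, table: Dict[str, Dict[str, str]] = REPORT_HASHES,
                pwd: Optional[bytes] = None) -> List[Tuple[str, Optional[str], List[str]]]:
    """Hash the input and every file it contains.

    Returns (member, matched_report_entry, mismatched_algorithms) per item. A
    matched entry with an empty mismatch list means the file is the report's.
    """
    results = []
    for name, content in [("<input>", data)] + unpack(data, pwd):
        d = digest_bytes(content)
        entry = identify(d, table)
        results.append((name, entry, mismatches(d, table[entry]) if entry else []))
    return results


def make_zip(members: Dict[str, bytes]) -> bytes:
    """Build a constructed in-memory ZIP (test input only; not a real sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    # Usage: python verify_sample.py <file> [<file> ...]
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            for member, entry, bad in verify_blob(fh.read()):
                status = "UNKNOWN" if entry is None else ("OK" if not bad else "MISMATCH " + ",".join(bad))
                print(f"{path}:{member}: {status} {entry or ''}")
```

The SSDEEP values in the report are not checked here because fuzzy hashing is not in the standard library; with the `ssdeep` binding installed, `ssdeep.compare()` against the report's strings is the natural extension. A non-empty mismatch list on a SHA256 match means the report's own hash columns disagree with each other and should be treated as suspect rather than the file.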

MITRE ATT&CK Enterprise v6