General

  • Target

    Vejlensisk90.vbs

  • Size

    34KB

  • Sample

    230311-d5xkvaab4t

  • MD5

    5794e47d892a3cab512697ca7dc223f4

  • SHA1

    91f1ac9d1f3209bc5d1bc790319c3675d5a201ed

  • SHA256

    ffe477577469c87c606e0cbd9d0da68446cd8d895e4f4ab0a083f0a05ac8ab20

  • SHA512

    3699ec735f33e5b9c2c2d5b18ee75e15b736205adf65db8d30df0b56e7c5b0054f73d1eeb6f01e0e85aacbc5ea6cd004bd90c3f8c84b18db5cdf6ee3c2a1d228

  • SSDEEP

    768:UObCrpGDPcJLDAxj/gqJ77UgZw3d81bXK4HkMCYFN:J2rpkP2DABveKwNSbXFN

Targets

    • Target

      Vejlensisk90.vbs

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Blocklisted process makes network request

    • Checks QEMU agent file

      Checks for the presence of the QEMU guest agent, possibly to detect virtualization.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Adds Run key to start application

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
