General

  • Target

    Factura 0104109174pdf.exe

  • Size

    365KB

  • Sample

    230710-q2jwssag69

  • MD5

    8d4facbc82e988130375c5a5e7191e4e

  • SHA1

    c3a0f067c0366b0818cb1a823322607509131916

  • SHA256

    38b1fa09afda5be40267c84dc88ed1291301a6f031b2de0185d40dd9372b2c45

  • SHA512

    f10eee19242c151e590840910c1954081bba0523b006a3db95ef8366a3fb06d9740b0bef17d45f86600161fb026b15b6da874e589340fd141e3649aec20ac745

  • SSDEEP

    6144:/oShfEPZVheNA+ff03PJRnEv9Qw7ojvWUqyIMf6rbnf3I:QqCnhe2e47W9Q3DWLsfO/I
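The hash block above is what an analyst copies into a blocklist or hunts for across a file share, and the usual failure is a mangled copy/paste (a truncated digest, a stray uppercase hex digit). The script below is an added example, not part of the original report: it parses the report's own "• Key / value" layout into a dictionary, sanity-checks every listed digest, and compares a file's MD5/SHA-1/SHA-256/SHA-512 against the parsed IOCs. The report excerpt embedded in it is reconstructed from the lines above; the bytes hashed in the usage are constructed, so they are expected not to match.

```python
"""Parse a plain-text sandbox report block and match a file against its hashes.

Added example. The report text below mirrors the layout of the page
("• Key", blank line, value); the sample bytes used in the usage are
constructed and are not the analysed file.
"""
import hashlib
import re
from typing import Dict, List

# Reconstructed from the report's General section (constructed excerpt).
REPORT_TEXT = """General

  • Target

    Factura 0104109174pdf.exe

  • Size

    365KB

  • MD5

    8d4facbc82e988130375c5a5e7191e4e

  • SHA1

    c3a0f067c0366b0818cb1a823322607509131916

  • SHA256

    38b1fa09afda5be40267c84dc88ed1291301a6f031b2de0185d40dd9372b2c45
"""

# Report field name -> hashlib algorithm name.
HASH_FIELDS = {"MD5": "md5", "SHA1": "sha1", "SHA256": "sha256", "SHA512": "sha512"}
HEX_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}


def parse_report_block(text: str) -> Dict[str, str]:
    """Map each '• Key' bullet to the first non-blank line that follows it.

    A key that appears twice (the page repeats the target under 'Targets')
    keeps its first value rather than being overwritten.
    """
    fields: Dict[str, str] = {}
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):
            key = line.lstrip("•").strip()
            continue
        if key is not None and key not in fields:
            fields[key] = line
    return fields


def malformed_hashes(fields: Dict[str, str]) -> List[str]:
    """Return the names of listed digests that are not lowercase hex of the
    expected length, so a damaged IOC is caught before it is deployed."""
    bad = []
    for name, length in HEX_LENGTHS.items():
        value = fields.get(name)
        if value is not None and not re.fullmatch(r"[0-9a-f]{%d}" % length, value):
            bad.append(name)
    return bad


def file_digests(data: bytes) -> Dict[str, str]:
    """Compute every digest type the report lists, keyed by report field name."""
    return {name: hashlib.new(algo, data).hexdigest() for name, algo in HASH_FIELDS.items()}


def match_iocs(data: bytes, fields: Dict[str, str]) -> Dict[str, bool]:
    """Compare the file's digests with each hash the report actually lists."""
    digests = file_digests(data)
    return {name: digests[name] == fields[name] for name in HASH_FIELDS if name in fields}


if __name__ == "__main__":
    iocs = parse_report_block(REPORT_TEXT)
    print("target:", iocs["Target"], "malformed:", malformed_hashes(iocs))
    print(match_iocs(b"constructed bytes, not the sample", iocs))
```

Only the digest types present in the report are compared, so a report listing just SHA-256 still works; an all-False result is the expected outcome for anything other than the analysed file.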

Targets

    • Target

      Factura 0104109174pdf.exe

    • GuLoader, CloudEyE

      A shellcode-based downloader first seen in 2020.

    • Checks QEMU agent file

      Checks for the presence of the QEMU guest agent, likely to detect virtualization.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Enumerates Uninstall key entries in the registry to discover installed software (a common sandbox and analysis-tool check).

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Suspicious use of NtCreateThreadExHideFromDebugger

      Creates a thread with the hide-from-debugger flag, so the new thread generates no debug events for an attached debugger.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calls NtSetInformationThread with the ThreadHideFromDebugger class, which stops the calling thread from reporting to an attached debugger.

    • Suspicious use of SetThreadContext

      Rewrites a thread's register state, commonly used to redirect execution into injected code (process hollowing).
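The signatures above are behavioural: each one is a file, registry or API event that the sandbox matched against a rule. The script below is an added example, not Triage's own signature code, showing how those rules can be expressed and run over a constructed API trace. The event format (one `kind<TAB>detail` line per event), the qemu-ga path, the `Geo\Nation` value and the System32 filename are assumptions made for the example; the real sample's exact paths are not given on the page.

```python
"""Match sandbox-style events against the behaviours this report flags.

Added example, not the sandbox's own rules. The trace below is constructed:
the qemu-ga path, the Geo\\Nation registry value and the System32 filename
are assumptions chosen to exercise the rules, not observed artefacts.
"""
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed trace: "<kind>\t<detail>" per line. Backslashes are doubled
# because this is a normal (non-raw) string literal.
TRACE = """\
file_open\tC:\\Program Files\\Qemu-ga\\qemu-ga.exe
reg_query\tHKCU\\Control Panel\\International\\Geo\\Nation
reg_enum\tHKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall
api_call\tNtSetInformationThread(ThreadHideFromDebugger)
api_call\tNtCreateThreadEx(THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER)
api_call\tSetThreadContext
file_write\tC:\\Windows\\System32\\constructed.dll
reg_query\tHKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
"""

# (signature name from the report, event kind, regex over the detail field).
RULES: List[Tuple[str, str, str]] = [
    ("Checks QEMU agent file", "file_open", r"\\qemu-ga\.exe$"),
    ("Checks computer location settings", "reg_query",
     r"\\Control Panel\\International\\Geo\\Nation$"),
    ("Checks installed software on the system", "reg_enum",
     r"\\CurrentVersion\\Uninstall(\\|$)"),
    ("Drops file in System32 directory", "file_write", r"^C:\\Windows\\System32\\"),
    ("Suspicious use of NtSetInformationThreadHideFromDebugger", "api_call",
     r"^NtSetInformationThread\(ThreadHideFromDebugger\)"),
    ("Suspicious use of NtCreateThreadExHideFromDebugger", "api_call",
     r"^NtCreateThreadEx\(.*HIDE_FROM_DEBUGGER"),
    ("Suspicious use of SetThreadContext", "api_call", r"^SetThreadContext\b"),
]

# Signatures that indicate evasion rather than ordinary loader activity.
ANTI_ANALYSIS = {
    "Checks QEMU agent file",
    "Checks installed software on the system",
    "Suspicious use of NtSetInformationThreadHideFromDebugger",
    "Suspicious use of NtCreateThreadExHideFromDebugger",
}


def parse_trace(text: str) -> List[Tuple[str, str]]:
    """Split the trace into (kind, detail) pairs, skipping blank lines."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        kind, _, detail = line.partition("\t")
        events.append((kind.strip(), detail.strip()))
    return events


def evaluate(events: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Return every signature that fired, with the event details that matched."""
    compiled = [(name, kind, re.compile(pattern, re.IGNORECASE)) for name, kind, pattern in RULES]
    hits: Dict[str, List[str]] = defaultdict(list)
    for kind, detail in events:
        for name, rule_kind, regex in compiled:
            if kind == rule_kind and regex.search(detail):
                hits[name].append(detail)
    return dict(hits)


def anti_analysis_count(hits: Dict[str, List[str]]) -> int:
    """How many distinct anti-analysis signatures fired; useful for triage ordering."""
    return len(ANTI_ANALYSIS & set(hits))


if __name__ == "__main__":
    fired = evaluate(parse_trace(TRACE))
    for name, details in fired.items():
        print(f"{name}: {details}")
    print("anti-analysis signatures:", anti_analysis_count(fired))
```

The rules are keyed on event kind as well as a pattern, so a benign query of the Run key in the trace matches nothing, and the same qemu-ga path written rather than opened would not fire the virtualization check.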
