General

  • Target: Factura_223024060_pdf.gz

  • Size: 521KB

  • Sample: 230710-rddwbaca7w

  • MD5: 17ab622f9a8373d3056151fbe2aea095

  • SHA1: 2c9de376833954e52a66e1c0c2ecd72fc49dcf21

  • SHA256: c8e11b1458ff8e8f837f97b3fc98eb788de7de0525c58e24831df4f846929929

  • SHA512: 2bac4e63811bb8b082ef656e2be712f698cbd2ab2774f1260739c7df985a00122bbec0364a7fb86de522fb7a7b05dc7b5b1cd7041d9d6b4068fed0e2604ba228

  • SSDEEP: 12288:Z2fgdiffEFN4xlz94eGMrAxVaN6jPEKtcQGKyrJYZp3:ZIJ0FqzaeVrUVaN6jPEWO9rJS

Score
10/10

Malware Config

Targets

    • Target: Factura_223024060_pdf.exe

    • Size: 599KB

    • MD5: 8b659a21de4ab804803b132238948fc9

    • SHA1: 465877da2e637cfd453b0ff0eb93c5ce1025b55e

    • SHA256: 68cf967f38f44205a0d7996e4b06956241c1c340844d22012de2605f6680c736

    • SHA512: 53e35c4ed18188655af5b8751a2c4ed21b50180f7ea0cc09a93cbdc6a554d7b8716672dcb1da3c9db13d1e7879e732ef7673cc25f5c21d3fc293ffb8d95b70a0

    • SSDEEP: 12288:jRbeidoEmJ1XlznfV4/Xw+3ItiKjV4hBjTdb4U2gbzQ:xIEm/Xlznt4/h3ItiK54hVTPQ

    Score
    10/10

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Checks QEMU agent file

      Checks for the presence of the QEMU guest agent file, possibly to detect virtualization.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks