Overview

overview

10

Static

static

3

Factura 1-...df.exe

windows7-x64

10

Factura 1-...df.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    Factura 1-000816pdf.bin.zip

  • Size

    234KB

  • Sample

    230714-swljjsfg6y

  • MD5

    044b12136247a237bb8dd752796bd6c3

  • SHA1

    1e41c8ad7ea9d95f40c67d3071c098fc1ded8a84

  • SHA256

    7fb0f9a2a6f1d9b75dac31e00e70c38a0bc26d2451561a0b37444244e1ddd62d

  • SHA512

    89e11a399ee57153294fc3e417bd338715ead33474e698bfaa02cb2570bbbee8c6f10aa6e8bffccece18e7c5af7baf444bdb0ab8cf33ec743734ed920a46e4dd

  • SSDEEP

    6144:77bJQMpTeVEYHe9LJ5c8gz9++/P4WjMJn/:7yMpJI4LJ5RA7/PnE/

Score
10/10
guloaderdiscoverydownloader

Malware Config

Targets

    • Target

      Factura 1-000816pdf.bin

    • Size

      362KB

    • MD5

      f022d5f21c803c1936e2c6f28f0f9240

    • SHA1

      43e0065a86b944771992db8af0cad4ee86631aa4

    • SHA256

      22b6816c45f86b303404b94b09b852a910d4ef335c05244c4acf6450ed86572b

    • SHA512

      71996f172266f4b5ece2c2f374df618310df7f1e4e895a50337f955335dec9bea5403abf05fb96a2734184a9d121b52f11c65a244930f39d92aefb8bc61a9a2c

    • SSDEEP

      6144:/oShfEPZVheNA+ff03j2NVag8mLWUkCs3dD1A2uwxMf6rbmOuGot:QqCnhe2e4j2627kCsERwGfvdt

    Score
    10/10
    guloaderdiscoverydownloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks