General

  • Target

    bill payment notice #43782 PDF.exe

  • Size

    380KB

  • Sample

    230718-nq59jsae5z

  • MD5

    9c44cdb43340fc9b7e3de6f4e0b95b29

  • SHA1

    e462d5b74202a1156a005ba5c032af092b3622fa

  • SHA256

    e712635bcf6dfae53c0b3679f053bd3a4e509e26295c0d3991887abc3e37f5b8

  • SHA512

    05dc10752c3340d1ba689868e0e7359f5b414f81bcbea9d4415a3a5035d80a0f3e028de1c506c33bfa6d27d9ce8e3867b549e5c4255f970ccdc780d58e78ea7b

  • SSDEEP

    6144:K4t6LsvuyXOLT/plOJb0r6iSeysFkHnhHMQ/4iw67Jf:Kkvz6/KJ06iSeLkHnyKAoJ

Malware Config

Targets

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks