General

  • Target

    Quotation.xls

  • Size

    339KB

  • Sample

    230802-s2167afd36

  • MD5

    243e3c34475bdf70ca47222010cc0221

  • SHA1

    9ba4b3e4b9a9e6b5e17e3f1608c2158cda84ebbd

  • SHA256

    bb0097d6085fb4c55679d016263b70cfa2727a9d505eb7fa4184ddca7f9188b9

  • SHA512

    6263c499693b7779840f2d6d898d902a1151aabeba6229297e3df6deaf7f7f6915833c22cf51c20151b2f7d1287b1ce6fb610c9a52948ad3d72dcd9540b339ea

  • SSDEEP

    6144:ZCunKoQ4YlLSmmeHZMhD6wM3XALQuEP8LWmUnS5D8RHKuu1xyyrtEdUQvAUD:ZDKoWQmmme6v3QLQuEPA2S5D+Xyxyyui

Score
10/10

Malware Config

Targets

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks