General

  • Target

    Cobaltbghdbghich13_browsingExe.exe

  • Size

    63KB

  • Sample

    230802-wthxeshh6w

  • MD5

    d657568f8e43f34111509a5e8df9f8c7

  • SHA1

    143a124ec51df1c4b378344fcb92850b11d8ed8d

  • SHA256

    c56c915cd0bc528bdb21d6037917d2e4cde18b2ef27a4b74a0420a5f205869e6

  • SHA512

    8cfb5609955a228851b2e252d9c5dd3824f49b8bf62de05a3c2bb4096539e7dcdd574bc42af9113e5d22ccf937cd16a4e3584aeb7409ad1930de4144050a84fd

  • SSDEEP

    768:Ev0eEH6pOTYCbvsyXnzWW0Q0wqwWKYjKDNO9Fds7ZRAByGZolQKgP:EaHXYCzbV0BwQjMN6TstRABBOlQt

Malware Config

Extracted

Family

guloader

C2

https://onedrive.live.com/download?cid=59DDD422D234EC53&resid=59DDD422D234EC53%21109&authkey=AP7E4GdQBTZYNjw

xor.base64

Targets

    • Target

      Cobaltbghdbghich13_browsingExe.exe

    • Size

      63KB

    • MD5

      d657568f8e43f34111509a5e8df9f8c7

    • SHA1

      143a124ec51df1c4b378344fcb92850b11d8ed8d

    • SHA256

      c56c915cd0bc528bdb21d6037917d2e4cde18b2ef27a4b74a0420a5f205869e6

    • SHA512

      8cfb5609955a228851b2e252d9c5dd3824f49b8bf62de05a3c2bb4096539e7dcdd574bc42af9113e5d22ccf937cd16a4e3584aeb7409ad1930de4144050a84fd

    • SSDEEP

      768:Ev0eEH6pOTYCbvsyXnzWW0Q0wqwWKYjKDNO9Fds7ZRAByGZolQKgP:EaHXYCzbV0BwQjMN6TstRABBOlQt

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Adds Run key to start application

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks