General

  • Target

    new-order PI-No202307110.XLS.docx.doc

  • Size

    11KB

  • Sample

    230808-n2v8qadh7x

  • MD5

    ed203e9a95bb5aed220c02e3e41840aa

  • SHA1

    5b90a10971c35a3f45e58e122c0e25e4049cbb98

  • SHA256

    4338ea7febcb6a73ff3a463dc3ff90d8330bfd2cd6d5f760dfe5516c74bdba69

  • SHA512

    9aeafbe447f47a30ebea465fc759f5dc27fb18c49ac5ff34d23075f04f4943f2f95a56a462840c0e12a5636b1cf937308f8041359bc43a00c9e34e5f3cf3c2be

  • SSDEEP

    192:mya0NnReBWk4N5eNA2A+EnVs+mg1SoBOJYaO36PvdrK16LvnY93cWeszUyDjB:myXnReBWku5+A2bkBdBOJYaOqPg6Lw9Z

Score
10/10

Malware Config

Targets

    • Target

      new-order PI-No202307110.XLS.docx.doc

    Score
    10/10
    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks