General

  • Target

    822ca31c5b8abc31d5b81fa02278907f.rtf

  • Size

    80KB

  • Sample

    230808-rg9gdsda29

  • MD5

    822ca31c5b8abc31d5b81fa02278907f

  • SHA1

    a105e79b85f8bb3c7c66a50af1c7b3f8a21ef5ea

  • SHA256

    8b5a7b79e5537e3f9bc64570f0671948ca33f7a8c979e74be718669c1e20f075

  • SHA512

    05bb5930df8265a49fee5fd31c12b9fcef94d96280fa7725a737c42f2821831759fe8b8410adc7729c50d0f73936d214a34a4bafc2c255adfa0d964b8a31d3bb

  • SSDEEP

    768:UwAbZSibMX9gRWjLNZMyhwAbZSibMX9gRWjOLz2C2AHcoYdEYVbA2rUN6NmV:UwAlRObdwAlR1zMAHfzYV5r7u

Score
10/10

Malware Config

Targets

    • Target

      822ca31c5b8abc31d5b81fa02278907f.rtf

    • Guloader,Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks QEMU agent file

      Checks for the presence of the QEMU guest agent file, possibly to detect virtualization.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks