General

  • Target: glicthed_toilet.vbs
  • Size: 15KB
  • Sample: 230809-jh4crshf96
  • MD5: 049b9014e6f8a2694db9e0a2d22b7599
  • SHA1: 789da03f8239f32de6c79e548727d1a9026d8b1d
  • SHA256: 119a8db677b0d17dddfa22a63ee173517caaab0d36605bb0f36b6dfa6c118f0d
  • SHA512: 378530eee621659047620ced4a76abeb3867b0aa4addfeb6bdb941536bf28f826a2aa4be8e57b0fb2181ca8c80fe2b0d41b0c78caae43f24329f42dd9dc945a8
  • SSDEEP: 384:eMerf4wOykhi+eRvezHGDx6xpuMcFrh/zzqRBwb:evrwwOyX7z4YFVrzRb

Score: 10/10

Malware Config

Targets

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

    • Blocklisted process makes network request

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks