General

  • Target

    e25c78c08b2061404f89416b83a99735dcbfa97083a3759b43fb3e114374f9f4

  • Size

    126KB

  • Sample

    231114-a5lxkagc43

  • MD5

    21094c984af41fd5b702a2b4b40f7e38

  • SHA1

    39bc9b4b7ce82463242afb6dcfb10cf04bc594da

  • SHA256

    e25c78c08b2061404f89416b83a99735dcbfa97083a3759b43fb3e114374f9f4

  • SHA512

    a8e554f1f9bb1bac4494d89695fbf89259f89845a66842227fe7531e0fc35263bcc6acd5f4eb0bda159383ef2b346f251a0dd4de5258420f2226ce10ede1d841

  • SSDEEP

    3072:cuqhFHncnMRRaYf7oaRe1A2dMRJkaI+14tkWnf:cu6cMDa0Uqe1AEMrk014d

Malware Config

Targets

    • Target

      報價單號:06923-02584·pdf.vbs

    • Size

      256KB

    • MD5

      b1bc3eb37630081cdd66d8b3f609b95e

    • SHA1

      258f0f9e67ff4c18af408de7dce0c8a06655393f

    • SHA256

      a8ec1a894efa7982dec669951fc6722c52c945b548bff86b0ade0bbeb15431a3

    • SHA512

      d4faad29c4bbc135877bbcc3ff1947d4947afb2eb55a1f46115959e1c0f76082d4c8d3ba8f17b2229f0f99c2997be54987e9225048fb5f72ce64b673c85ad72a

    • SSDEEP

      6144:jbKIJnEsYvngOJiPPxUeE26+BF6880OzwTAFDUGmz:fKHnvUPxhElHwTAWz

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks