Overview

overview

10

Static

static

1

ARPPIBG231...FZ.exe

windows7-x64

10

ARPPIBG231...FZ.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    ARPPIBG2315900 - 91314989-631-2023 - COBER FZ.exe

  • Size

    632KB

  • Sample

    231127-l7xydsfh2z

  • MD5

    4d67291b5a1db41b022fe514df34dc37

  • SHA1

    e78571ae68d8d61583d546392f53f2bc2e3d3524

  • SHA256

    a37ca07ce3c4ea49c6dc297df7929129292e64cbb63a1b9eddd536054e05eb84

  • SHA512

    6407fe2c5f8383da016fe64720d24bc9a80b6fbdc000373db5da2a3d25d0254842a97072faed9e1c38efbe35992b2b085423334320c0a045a83dfd8d00609e53

  • SSDEEP

    12288:JY3P5iNWbo9dovGs2bO6LitvUXFIZNUyJ4rQbToB6rmWZV5ROHdvNu8rn9+:JY3P5issvIGs2bO+1oNpJwmXrmWf5E9U

Score
10/10
guloaderdownloaderpersistence

Malware Config

Targets

    • Target

      ARPPIBG2315900 - 91314989-631-2023 - COBER FZ.exe

    • Size

      632KB

    • MD5

      4d67291b5a1db41b022fe514df34dc37

    • SHA1

      e78571ae68d8d61583d546392f53f2bc2e3d3524

    • SHA256

      a37ca07ce3c4ea49c6dc297df7929129292e64cbb63a1b9eddd536054e05eb84

    • SHA512

      6407fe2c5f8383da016fe64720d24bc9a80b6fbdc000373db5da2a3d25d0254842a97072faed9e1c38efbe35992b2b085423334320c0a045a83dfd8d00609e53

    • SSDEEP

      12288:JY3P5iNWbo9dovGs2bO6LitvUXFIZNUyJ4rQbToB6rmWZV5ROHdvNu8rn9+:JY3P5issvIGs2bO+1oNpJwmXrmWf5E9U

    Score
    10/10
    guloaderdownloaderpersistence

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks