General

  • Target

    475128640_20231129152352507pdf.exe

  • Size

    655KB

  • Sample

    231201-hmttfsff47

  • MD5

    4603b3b3b4ab4df6f9de5e6d5fa185fd

  • SHA1

    5521fce0bb45ee8c7a399446f4b588c7324d79dc

  • SHA256

    43acec52a82b408f6b5dc63f194f192fd83ce974960146540170b53090c39029

  • SHA512

    0b6b95fe888aca890a0293d0d2369919f8f2ff46e11cd8b6771545206db3b72e792600bb338e587daa889f64cdc31fcc5f0f0af81bf401e314132befc58547d1

  • SSDEEP

    6144:RmOPAPZVheNA+ff03sP6IKC1J5zsGitKXtnIyglMbsgHvLz3ZST70mw21NKl1+Bu:knhe2easP6A1J5xi+nIR/On291YLW

Score
10/10

Malware Config

Targets

    • Target

      475128640_20231129152352507pdf.exe

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks