General

  • Target

    00158007317748300pdf.exe

  • Size

    643KB

  • Sample

    231201-hmv2hsff49

  • MD5

    e8a26832b7070a2d718361ceaed2be70

  • SHA1

    5ffa0795a805b09365268f9d9ad03ca803d77b49

  • SHA256

    aeea6fe11416d64a87076cd047112835e12c7ff2ea3eeecc961ca072b06434a6

  • SHA512

    f640c30c962a2d98f32fbfb24517a8ee33244fad6a8b025787c277fd15efdf1d530206b6dfdee503f20fc554bbb473cef99bad46eb62e58ae4018336d0a6e4c7

  • SSDEEP

    12288:rnhe2eaLtcvA+efuHdKqtveH6QKxtOxOn291YLW3:7hegT0dKqtK6QKfz2zYy3

Score
10/10

Targets

    • Guloader, Cloudeye

      A shellcode based downloader first seen in 2020.

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
