Resubmissions

07/03/2024, 18:36

240307-w9awraaf85 10

07/03/2024, 18:29

240307-w4zb6abd5y 10

General

  • Target

    Scanned PO Copy.vbs

  • Size

    25KB

  • Sample

    240307-w9awraaf85

  • MD5

    c40a291f979115795d624cdcb76bed3a

  • SHA1

    5c1060ee1f39c93f06783cbe43ba67ae6100df03

  • SHA256

    fe8f2c101245a70eb688bacaeb0d04a9825ee9ea079b930d9454e9895907cc27

  • SHA512

    c4377f8ece8b2395fdd17ad8444d409a1bd2bdfd7ee245a53d735d5f9f9c9f921935325cc0a58b5ec0263712144239bcb7ed402421b14d68fca7c3d79d85d93e

  • SSDEEP

    768:dPkNPinAI+hfSuJODjNNdTeRj7FzLSF46hQMGjrvFtdH/:MAKb8vOnQrqtdf

Score
10/10

Malware Config

Targets

    • Target

      Scanned PO Copy.vbs

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks