General

  • Target: 39f598054d0d5f0f7f09669c029cb7cf6a0611e218553120d68cfeb69ec22642.zip
  • Size: 6KB
  • Sample: 240323-cmkmwscb49
  • MD5: 480aee6e6dc6f3a1b62a8e43cfe0e28b
  • SHA1: d91014fe360d44e12de106b872b3e14d632e3c2e
  • SHA256: 39f598054d0d5f0f7f09669c029cb7cf6a0611e218553120d68cfeb69ec22642
  • SHA512: df9874ae1e6fc9ffea4ea011102417fce442335add54b3f7d6df0380c4186999f2bdf81770221736661fcdbfda0ab9f2838a9e5e583214795932f9fb78c9391d
  • SSDEEP: 96:Q25ENmusjYT5nYO/K1KdvQswcd3H5G0fT4M3zXSMjhvccKCYOiFkxsTri7lsjgrJ:Q2WrKYJowv3H5G0fT/xO/nkmTehrJlh

Malware Config

Targets

    • Target: awb_shipping_documents_22_03_2024_000000000.vbs.vbs
    • Size: 11KB
    • MD5: 6646a9bb09a2b4728226279754b6dafe
    • SHA1: d3a0ce176ab0318ee04af196c94c4651c45669aa
    • SHA256: c8516d6d8b755bebd51020602814ee36f447cf379f7e0ac0be3f576f573ada37
    • SHA512: 98c92b70a97659ecdc0f032582e8515b40f0841a1ea83918639e3f6ad6a3f014b938aa958eeea968b795945e40bc21e2ea2d371d1fef72d8b02af3747d19a7c8
    • SSDEEP: 192:1NCDZe4/HFVEKNCLDyOjduQ1PrWZj5DagfFWLJVgf/CNIY84aXn:2DZe4bKduoPAj5Vteg/CM4aXn

    • Guloader, Cloudeye

      A shellcode-based downloader, first seen in 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Adds Run key to start application

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks