General

  • Target

    480aee6e6dc6f3a1b62a8e43cfe0e28b.bin

  • Size

    6KB

  • Sample

    240324-b9m6vsga64

  • MD5

    acd8ec74f637adc59e76f0f2bef04ba7

  • SHA1

    87311d6af67b59b9021c0dd16f080e3d5d0c3f66

  • SHA256

    fc4608deaab08f5843e7cb5fdd0f6df21004bde824db896975ec9e5045cd97bd

  • SHA512

    b495cac6f0f294754519116c27aa9e353ce01e4903b32bf113e01909e2674148b9826ae4c1bb1891585c35789253f58f5b5fbfb7d57d0105663ea9863f888433

  • SSDEEP

    192:AkxG6ZTZvuY/CsRA6ESm96+B9rd6SNsmG0:AEnTZWKC1uC6oNxV

Malware Config

Targets

    • Target

      awb_shipping_documents_22_03_2024_000000000.vbs.vbs

    • Size

      11KB

    • MD5

      6646a9bb09a2b4728226279754b6dafe

    • SHA1

      d3a0ce176ab0318ee04af196c94c4651c45669aa

    • SHA256

      c8516d6d8b755bebd51020602814ee36f447cf379f7e0ac0be3f576f573ada37

    • SHA512

      98c92b70a97659ecdc0f032582e8515b40f0841a1ea83918639e3f6ad6a3f014b938aa958eeea968b795945e40bc21e2ea2d371d1fef72d8b02af3747d19a7c8

    • SSDEEP

      192:1NCDZe4/HFVEKNCLDyOjduQ1PrWZj5DagfFWLJVgf/CNIY84aXn:2DZe4bKduoPAj5Vteg/CM4aXn

    • Guloader, Cloudeye

      A shellcode-based downloader (GuLoader, also tracked as CloudEyE), first seen in 2020.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (running only, or not at all, in selected countries).

    • Adds Run key to start application

    • Suspicious use of NtCreateThreadExHideFromDebugger

      A thread is created with THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER, so an attached debugger receives no events from it; an anti-debugging technique.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      NtSetInformationThread is called with the ThreadHideFromDebugger information class, which stops the thread from reporting debug events; an anti-debugging technique.

    • Suspicious use of SetThreadContext

      Rewriting another thread's register context is the usual way to redirect execution into injected code, for example in process hollowing.
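The signatures listed above can be reproduced as simple rules over a sandbox's behavioural event stream. The following is an added example, not Hatching Triage's own detection code: it assumes a flat list of event dicts (registry reads and writes, API calls with their arguments, network connections), a small blocklist of script hosts for the "blocklisted process" rule, and the Geo\Nation and Nls\Locale registry keys as the places a country code is read from. The sample events are constructed to mirror the behaviours reported for the VBS target; the Windows constants (THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER = 0x4, ThreadHideFromDebugger = 0x11) are documented values.

```python
"""Map sandbox behavioural events to the signature names used in the report.

Added example; the event schema is an assumption, not Triage's report format.
"""
import re

# Documented Windows constants (ntddk / winternl).
THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER = 0x4   # NtCreateThreadEx CreateFlags bit
THREAD_HIDE_FROM_DEBUGGER = 0x11               # NtSetInformationThread info class

# Assumption: script hosts and LOLBins that should not normally make network
# requests on their own.
BLOCKLISTED_NET_PROCESSES = {"wscript.exe", "cscript.exe", "mshta.exe", "regsvr32.exe"}

# Autostart locations for the "Adds Run key" signature.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?($|\\)", re.I)
# Assumption: registry locations holding the configured country / locale.
GEO_KEY_RE = re.compile(
    r"\\Control Panel\\International\\Geo\\Nation$|\\Control\\Nls\\Locale", re.I)

# Constructed sample events modelled on the behaviours listed for the VBS target.
SAMPLE_EVENTS = [
    {"type": "registry_read", "process": "wscript.exe",
     "key": "HKCU\\Control Panel\\International\\Geo\\Nation"},
    {"type": "registry_write", "process": "wscript.exe",
     "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
     "value": "awb_shipping_documents"},
    {"type": "api", "process": "wscript.exe", "api": "NtSetInformationThread",
     "args": {"ThreadInformationClass": 0x11}},
    {"type": "api", "process": "wscript.exe", "api": "NtCreateThreadEx",
     "args": {"CreateFlags": 0x4}},
    {"type": "api", "process": "wscript.exe", "api": "SetThreadContext", "args": {}},
    {"type": "network", "process": "wscript.exe", "host": "example.invalid", "port": 443},
    # Benign noise that must not trigger anything.
    {"type": "registry_read", "process": "explorer.exe",
     "key": "HKCU\\Control Panel\\Desktop"},
]


def match_signatures(events):
    """Return an ordered list of (signature_name, event) pairs for every hit."""
    hits = []
    for ev in events:
        kind = ev.get("type")
        key = ev.get("key", "")
        if kind == "registry_read" and GEO_KEY_RE.search(key):
            hits.append(("Checks computer location settings", ev))
        elif kind == "registry_write" and RUN_KEY_RE.search(key):
            hits.append(("Adds Run key to start application", ev))
        elif kind == "api":
            api, args = ev.get("api"), ev.get("args", {})
            if (api == "NtCreateThreadEx"
                    and args.get("CreateFlags", 0) & THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER):
                hits.append(("Suspicious use of NtCreateThreadExHideFromDebugger", ev))
            elif (api == "NtSetInformationThread"
                    and args.get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER):
                hits.append(("Suspicious use of NtSetInformationThreadHideFromDebugger", ev))
            elif api == "SetThreadContext":
                hits.append(("Suspicious use of SetThreadContext", ev))
        elif kind == "network" and ev.get("process", "").lower() in BLOCKLISTED_NET_PROCESSES:
            hits.append(("Blocklisted process makes network request", ev))
    return hits


def signature_names(events):
    """Distinct signature names in first-hit order, as a report would list them."""
    seen = []
    for name, _ in match_signatures(events):
        if name not in seen:
            seen.append(name)
    return seen


if __name__ == "__main__":
    for name, ev in match_signatures(SAMPLE_EVENTS):
        print(f"{name}: {ev['process']} {ev.get('api') or ev.get('key') or ev.get('host')}")
```

The NtCreateThreadEx rule tests the flag bit rather than equality, since a sample may combine it with other CreateFlags; the SetThreadContext rule fires on any call, matching the page's "suspicious use" wording, and would be refined in practice by requiring the target thread to belong to another process.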

MITRE ATT&CK Enterprise v15

Tasks