General

  • Target

    見積依頼先_(OU)_OSAKA-2024100044-05JP·pdf.vbs

  • Size

    181KB

  • Sample

    240325-twydsacg49

  • MD5

    5abfcbce1f90501808379e179feb51c8

  • SHA1

    e305ee8202f579517fe0634e22346584aaf4c148

  • SHA256

    7698fb4c720a5c5810a8b80ae25ef1e6f5185e49cb151ef21937f0788276354e

  • SHA512

    616becc5031d7b1d3e0b08b86a7a90b8a354a2357fe0fafe6e0e16c094eadfea2362452e32169b32f322b2c06e11c79b6220a40c8bd46be7dde21d086c7c2a5b

  • SSDEEP

    3072:XPvtrVR7t/zhP5AbvMZoxnRcRKKh14t8EIuvQcVi1l8ok/1fyLbvj/3s0oV++hyC:/vdVR7tLhxAbvMZoxnRcsK3M8EIOQcVJ

Malware Config

Targets

    • Target

      見積依頼先_(OU)_OSAKA-2024100044-05JP·pdf.vbs

    • Size

      181KB

    • MD5

      5abfcbce1f90501808379e179feb51c8

    • SHA1

      e305ee8202f579517fe0634e22346584aaf4c148

    • SHA256

      7698fb4c720a5c5810a8b80ae25ef1e6f5185e49cb151ef21937f0788276354e

    • SHA512

      616becc5031d7b1d3e0b08b86a7a90b8a354a2357fe0fafe6e0e16c094eadfea2362452e32169b32f322b2c06e11c79b6220a40c8bd46be7dde21d086c7c2a5b

    • SSDEEP

      3072:XPvtrVR7t/zhP5AbvMZoxnRcRKKh14t8EIuvQcVi1l8ok/1fyLbvj/3s0oV++hyC:/vdVR7tLhxAbvMZoxnRcsK3M8EIOQcVJ

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks