General

  • Target

    awb_shipping_documents_25_03_2024_000000000.vbs

  • Size

    237KB

  • Sample

    240325-txja9aff2w

  • MD5

    937285e67679dcbd6d3a218cff5723e4

  • SHA1

    73023fa293fc84f1db845a75a4be3c2337c8da4d

  • SHA256

    d90f3ab705edef2a59cc39b6269f1a149f0f6e43e0aa4f128d05c1697726bcdb

  • SHA512

    607ea5c0cf19a5776d60c15942c28b5e9433e52f72abad0b250d7abb72f98721210d328c6915051cd9b2fa215a938ed64eebb20de3dc6b9511f2a2fa3cb1b773

  • SSDEEP

    6144:lyhQMLtOBxJrv5lttSP4KuK8jWwoipSRUiGT9rS2fTicm7jImE9uAI:ekVBDjI

Malware Config

Targets

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Adds Run key to start application

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks