General

  • Target

    865306d0b13516f7f33fbd707d0d92c8706e4bfb1a99153c1361559f710bd45e.exe

  • Size

    526KB

  • Sample

    240326-c4dkxaca39

  • MD5

    63431a90363414f88d575f70f27762ce

  • SHA1

    fd0268e6b54a60f2c04a577b1f0001a4176138c8

  • SHA256

    865306d0b13516f7f33fbd707d0d92c8706e4bfb1a99153c1361559f710bd45e

  • SHA512

    b51c3f6041c40a3a662d98cc2dc925629a86f927d08a71e76309c10694d45cec0ba498f4bb34fb6f48759618ec6edd9c365dcc2b091e15729d75f5b051667901

  • SSDEEP

    12288:oS2dnErpbwb05qldvfvcf7Ac4kj3WdmrJheUuuUjvQ9B:L2dE1b405qldncMc4kjWSJUuUjvy

Malware Config

Targets

    • Target

      865306d0b13516f7f33fbd707d0d92c8706e4bfb1a99153c1361559f710bd45e.exe

    • Size

      526KB

    • MD5

      63431a90363414f88d575f70f27762ce

    • SHA1

      fd0268e6b54a60f2c04a577b1f0001a4176138c8

    • SHA256

      865306d0b13516f7f33fbd707d0d92c8706e4bfb1a99153c1361559f710bd45e

    • SHA512

      b51c3f6041c40a3a662d98cc2dc925629a86f927d08a71e76309c10694d45cec0ba498f4bb34fb6f48759618ec6edd9c365dcc2b091e15729d75f5b051667901

    • SSDEEP

      12288:oS2dnErpbwb05qldvfvcf7Ac4kj3WdmrJheUuuUjvQ9B:L2dE1b405qldncMc4kjWSJUuUjvy

    Score
    10/10
    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calls NtSetInformationThread with the ThreadHideFromDebugger information class, which stops the thread from delivering debug events to an attached debugger; a common anti-analysis technique.

    • Suspicious use of SetThreadContext

      Overwrites the register context of another thread, the step typically used to redirect a suspended process into injected code (process hollowing).

    • Target

      Regretable/Prferencetolden/Alluder152/Brinie29.Ban

    • Size

      57KB

    • MD5

      606f3c0d77738574d051cf2f7140aafd

    • SHA1

      becf7fe1fe0af569c52c94abadc970cca66ec0a6

    • SHA256

      5bb0a1909d79ecf1060382416cd6df278b2be9af709e3b072ca983d62f9b4861

    • SHA512

      8bcd585c03b3e8a145a17da6c00e3423d6f0e00f8ca3c34959c49867f651371dd993478ef81e098a1cd8c8d9890c7d1c62ae0488f095b39d4f96278664b340e8

    • SSDEEP

      768:4wErrM7A/9QKnpZ2H0ZjGtEbT59AILrUuh1tOBt33K2LCgPFKGft1Csv2EzbnQdx:4/nR2UIEn0Mw4fOBJJDgsBbnQdRWLJSB

    Score
    8/10
    • Modifies Installed Components in the registry

      Writes under HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components; entries there are executed once per user at logon, a persistence location.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
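The three host-observable behaviours listed for the two targets above (a file dropped into System32, a write under the Active Setup Installed Components key, and reads of drive roots other than C:) can be checked against endpoint telemetry. The following is an added example, not code from the sandbox or from the report; the event records are constructed, modelled loosely on Sysmon-style file and registry events, and the hypothetical GUID in the registry key is a placeholder:

```python
"""Match constructed endpoint events against the behaviours listed in the report."""
import re

# Constructed sample telemetry (not taken from the report). Each record is one
# observed operation by the analysed process; paths use Windows separators.
SAMPLE_EVENTS = [
    {"type": "file_write", "path": "C:\\Windows\\System32\\drivers\\etc\\hosts.tmp", "pid": 4120},
    {"type": "registry_set",
     "key": "HKLM\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{hypothetical-guid}\\StubPath",
     "pid": 4120},
    {"type": "file_read", "path": "C:\\", "pid": 4120},   # default drive: not a hit
    {"type": "file_read", "path": "D:\\", "pid": 4120},   # non-default drive root: hit
    {"type": "file_write", "path": "C:\\Users\\user\\AppData\\Local\\Temp\\x.tmp", "pid": 4120},
]

# Case-insensitive matchers for the three behaviours. System32 is matched on any
# drive letter; the Active Setup key is matched as an exact prefix.
SYSTEM32_WRITE = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)
ACTIVE_SETUP_KEY = re.compile(
    r"^HKLM\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\", re.IGNORECASE)
DRIVE_ROOT = re.compile(r"^([a-z]):\\$", re.IGNORECASE)

SIG_DROP_SYSTEM32 = "Drops file in System32 directory"
SIG_INSTALLED_COMPONENTS = "Modifies Installed Components in the registry"
SIG_ENUM_DRIVES = "Enumerates connected drives"


def classify_event(event):
    """Return the signature name an event triggers, or None."""
    kind = event.get("type")
    if kind == "file_write" and SYSTEM32_WRITE.match(event.get("path", "")):
        return SIG_DROP_SYSTEM32
    if kind == "registry_set" and ACTIVE_SETUP_KEY.match(event.get("key", "")):
        return SIG_INSTALLED_COMPONENTS
    if kind == "file_read":
        m = DRIVE_ROOT.match(event.get("path", ""))
        # The report's wording excludes the default C: drive, so only other roots count.
        if m and m.group(1).upper() != "C":
            return SIG_ENUM_DRIVES
    return None


def match_signatures(events):
    """Return the sorted, de-duplicated list of signatures triggered by a process's events."""
    hits = {sig for sig in map(classify_event, events) if sig is not None}
    return sorted(hits)


def hits_by_pid(events):
    """Group triggered signatures per process id, useful when telemetry mixes processes."""
    result = {}
    for event in events:
        sig = classify_event(event)
        if sig is not None:
            result.setdefault(event["pid"], set()).add(sig)
    return {pid: sorted(sigs) for pid, sigs in result.items()}


if __name__ == "__main__":
    for sig in match_signatures(SAMPLE_EVENTS):
        print("HIT:", sig)
```

The matcher deliberately ignores writes under Temp and reads of the C: root, mirroring the report's own wording, so a process that only touches its own user profile produces no hits.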

MITRE ATT&CK Enterprise v15

Tasks