Overview

overview

10

Static

static

1

2e25828504...29.exe

windows7-x64

10

2e25828504...29.exe

windows10-2004-x64

5

Sightlessn...sm.ps1

windows7-x64

8

Sightlessn...sm.ps1

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    8474088e72f1516a5cb65b76bc3f96b2abd9d580e364d4f956feda6f1e7816e4

  • Size

    564KB

  • Sample

    240417-p4r5hsga34

  • MD5

    e6799e093532d23700324ced8c5372ce

  • SHA1

    d4ebc8086ad97e430522fbbe2a0ea88481750f0d

  • SHA256

    8474088e72f1516a5cb65b76bc3f96b2abd9d580e364d4f956feda6f1e7816e4

  • SHA512

    92d3fd64fc84ea4c399a4a97541765554705d867b5c2bb80103307b0e0b9e55820a40fbf7e647145eedb669c0a7ba22bd369af27bd303fc5e9fed1bd17c08b93

  • SSDEEP

    12288:4lOC/ls2Q9esoQpCVkWptdIi1Xm4s2FcmYew8IW60efpbyMMcK:4lx/ZO4QpC+WDSAmJ2F25mM5yMMr

Score
10/10
guloaderdownloaderpersistence

Malware Config

Targets

    • Target

      2e2582850461cb8c5436a1efd3567fb06cd02b46173595fad475db5297c46929.exe

    • Size

      644KB

    • MD5

      01346623a0867a2876395a84be2baf2c

    • SHA1

      659db06443b0c10e30e5c882ea4bee583ef20509

    • SHA256

      2e2582850461cb8c5436a1efd3567fb06cd02b46173595fad475db5297c46929

    • SHA512

      b3a210505ad555c72471c736a5bd32d8e76820031f263f10d17b592c49cea4ab32a1de590f8f669b91002bbe6e4c82015142fd40757f7f65874be6cff636e1c0

    • SSDEEP

      12288:1XRAvufNFTr7Lh/yqcL4a/cCT/Ny8RvyEMIbrLNn/mqwDwmuu6TNxFu+p:1XRyUNJr7Lcqc/QsvyJKLNOPqu6hxFuc

    Score
    10/10
    guloaderdownloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      Sightlessness/Dysmerism.Med

    • Size

      60KB

    • MD5

      ef037dfca2b733d6a052cd01f09744e3

    • SHA1

      cf2d457d1ddfc533974927d068b70bb6c85cc7d8

    • SHA256

      15c7ba3afbeec0d04fe288f283e70822e0975b508681db31d1bdcdf636fd1ae5

    • SHA512

      7bab77d384b801f720f2f2de46ae8b0bd72d938da0209bc14fcaa3c6d09c0fd4076b21ed41bd94dd2c6e446c875c61e0b181602155e3fef02716a2a6191c2b41

    • SSDEEP

      1536:ImzgJquAF14rc16sCBUOMJk+7nfrAqvWL71vSt:bTnFCrcwGlJkWnfro71vS

    Score
    8/10
    persistence

    • Modifies Installed Components in the registry

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks