General

  • Target

    b6fdd6febf575b2a684edbe7ee79cdd289b7f1c6b29fbec7a0fb058fea8b6183

  • Size

    566KB

  • Sample

    240417-p5btxsga66

  • MD5

    a7fca6095823537e3363a6e81825ecd6

  • SHA1

    cbdf4940c0aa486487eb1832e31da77c082fe2fb

  • SHA256

    b6fdd6febf575b2a684edbe7ee79cdd289b7f1c6b29fbec7a0fb058fea8b6183

  • SHA512

    a6330e49878aac53dcc17c6f5c324da749d108dc9ac89eca130af0e8714fad9dbd3808e2f4f437288e1f6f90dda505c59800c389c71f6b13d3c70d15ca5a73d5

  • SSDEEP

    12288:ydUUTxiszH21aDkHiOmJGwlA/5wURlk7QECtO4:ydYswHtmkwl5n3EO4

Malware Config

Targets

    • Target

      c384d26e83f585fbadd73e6cea441d1479d68de5bb647f775b506e5eab7f3230.exe

    • Size

      647KB

    • MD5

      90fda5c072fe00e8e737606add7f1276

    • SHA1

      68752dce786a29b815ec5454d4b4aa5f6bc73363

    • SHA256

      c384d26e83f585fbadd73e6cea441d1479d68de5bb647f775b506e5eab7f3230

    • SHA512

      df854ac565c084d47bc20e738ee8f36cf040d33fc2b7cb7c8ab84a83b2d77308b522eccd81e23e576bb9f82bf1ea00a50f33435522d8d2070923de0a862a2512

    • SSDEEP

      12288:IgXRAvufNFTr7L6GJpk/0C+wEc80Qu8j4RmYxrqwDwmuu6TNxFu+b:jXRyUNJr7L5vBC5ummYxrPqu6hxFu+

    Score
    10/10
    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      Graustark/resultalet/Unmeringued.Brd

    • Size

      60KB

    • MD5

      8418ca27cc3391358049989e80076a60

    • SHA1

      0ca1bae9dfabae917324af7337d1ed8c2b6001aa

    • SHA256

      8559f472b29a2d1de1124b1b2aa6d62558b1207a3910048d77b9bb07501e3733

    • SHA512

      b6ee3a45200b5f218520c38fbde6b6a30e4f2e847ea890ace3b37a38b14f2c26ee12f21c350052336c67ac725233f1e5b65b1d0b5a4343ef0fca50214b96c01f

    • SSDEEP

      1536:FNKL+KTusOLdVQxd5B+n51ZPsXb7VZcrq/qhgPqpba5Znn:FNsl9Ud2u1ZP87ViQSpyBn

    Score
    8/10
    • Modifies Installed Components in the registry

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
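    Before acting on the indicators above, confirm that the file in hand is one of the artifacts this report analysed. The script below is an added example and not part of the sandbox report or of its tooling: it hashes a file (or an in-memory blob) with the four digest algorithms the report lists (MD5, SHA-1, SHA-256, SHA-512) and checks whether all four agree with one of the targets. The REPORT_TARGETS table is copied from the report; SSDEEP is left out because it needs a third-party library and the four exact digests are enough for an identity check. The command-line usage at the bottom and the paths you pass to it are assumptions for illustration.

```python
"""Verify a local sample against the digests listed in this report (added example)."""
import hashlib
from typing import Dict, Optional

# Digests copied from the report above, keyed by the report's own target names.
REPORT_TARGETS: Dict[str, Dict[str, str]] = {
    "b6fdd6febf575b2a684edbe7ee79cdd289b7f1c6b29fbec7a0fb058fea8b6183": {
        "md5": "a7fca6095823537e3363a6e81825ecd6",
        "sha1": "cbdf4940c0aa486487eb1832e31da77c082fe2fb",
        "sha256": "b6fdd6febf575b2a684edbe7ee79cdd289b7f1c6b29fbec7a0fb058fea8b6183",
        "sha512": "a6330e49878aac53dcc17c6f5c324da749d108dc9ac89eca130af0e8714fad9dbd3808e2f4f437288e1f6f90dda505c59800c389c71f6b13d3c70d15ca5a73d5",
    },
    "c384d26e83f585fbadd73e6cea441d1479d68de5bb647f775b506e5eab7f3230.exe": {
        "md5": "90fda5c072fe00e8e737606add7f1276",
        "sha1": "68752dce786a29b815ec5454d4b4aa5f6bc73363",
        "sha256": "c384d26e83f585fbadd73e6cea441d1479d68de5bb647f775b506e5eab7f3230",
        "sha512": "df854ac565c084d47bc20e738ee8f36cf040d33fc2b7cb7c8ab84a83b2d77308b522eccd81e23e576bb9f82bf1ea00a50f33435522d8d2070923de0a862a2512",
    },
    "Graustark/resultalet/Unmeringued.Brd": {
        "md5": "8418ca27cc3391358049989e80076a60",
        "sha1": "0ca1bae9dfabae917324af7337d1ed8c2b6001aa",
        "sha256": "8559f472b29a2d1de1124b1b2aa6d62558b1207a3910048d77b9bb07501e3733",
        "sha512": "b6ee3a45200b5f218520c38fbde6b6a30e4f2e847ea890ace3b37a38b14f2c26ee12f21c350052336c67ac725233f1e5b65b1d0b5a4343ef0fca50214b96c01f",
    },
}

# The report lists SSDEEP as well; it is deliberately not checked here.
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digest_bytes(data: bytes) -> Dict[str, str]:
    """Return the four report digests (lowercase hex) for an in-memory blob."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def digest_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Same as digest_bytes, but streams the file so large samples need not fit in RAM."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare(actual: Dict[str, str], expected: Dict[str, str]) -> Dict[str, bool]:
    """Per-algorithm match table; case-insensitive because reports differ in hex case."""
    return {
        name: actual[name] == expected[name].lower()
        for name in ALGORITHMS
        if name in expected
    }


def identify(actual: Dict[str, str]) -> Optional[str]:
    """Name of the report target whose digests all match, or None.

    All four algorithms must agree: a single-algorithm match (for example an
    MD5 collision) is treated as a mismatch, not as an identification.
    """
    for target, expected in REPORT_TARGETS.items():
        if all(compare(actual, expected).values()):
            return target
    return None


if __name__ == "__main__":
    # Assumed usage: python verify_sample.py <file> [<file> ...]
    import sys

    for path in sys.argv[1:]:
        print(path, "->", identify(digest_file(path)) or "not one of the report's targets")
```

    Requiring all four digests to agree costs nothing and avoids being misled by a file that was crafted to collide on MD5 or SHA-1 alone; a report target is identified only when the sample matches on every algorithm listed.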

MITRE ATT&CK Enterprise v15

Tasks