General
-
Target
610119f52d69e8132b0130740836426d0b25fe5300ee4e12f2c51d1e36fec546.vbs
-
Size
187KB
-
Sample
240419-bvfhgacf98
-
MD5
f08f508e797fa19d89a8a4688019fd99
-
SHA1
32de77ff5689fbc68f64aa9cfd4405cc2686fd85
-
SHA256
610119f52d69e8132b0130740836426d0b25fe5300ee4e12f2c51d1e36fec546
-
SHA512
d33d6dbbac2945a22483026039a6f007698bbbc8a0e507a6cf14fb2a64e92125adbc5081c914fc5e7d6ff73c7018b28c38fa21b01a4c164b7e6fab7cc62c014d
-
SSDEEP
3072:2MC8jqTKK8ccABOwbDS2y2zJETxUuoHh3uSH/OY6C1HwvBpVs2RtBZo5mFSarDYM:QTR8ccABOwbDA2zJETxVu1NH/vsd7tBb
Malware Config
Targets
-
-
Target
610119f52d69e8132b0130740836426d0b25fe5300ee4e12f2c51d1e36fec546.vbs
-
Size
187KB
-
MD5
f08f508e797fa19d89a8a4688019fd99
-
SHA1
32de77ff5689fbc68f64aa9cfd4405cc2686fd85
-
SHA256
610119f52d69e8132b0130740836426d0b25fe5300ee4e12f2c51d1e36fec546
-
SHA512
d33d6dbbac2945a22483026039a6f007698bbbc8a0e507a6cf14fb2a64e92125adbc5081c914fc5e7d6ff73c7018b28c38fa21b01a4c164b7e6fab7cc62c014d
-
SSDEEP
3072:2MC8jqTKK8ccABOwbDS2y2zJETxUuoHh3uSH/OY6C1HwvBpVs2RtBZo5mFSarDYM:QTR8ccABOwbDA2zJETxVu1NH/vsd7tBb
Score10/10-
Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-