Overview

overview

10

Static

static

3

POTWIERDZE...56.exe

windows7-x64

7

POTWIERDZE...56.exe

windows10-2004-x64

10

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    POTWIERDZENIE_TRANSAKCJI_20240418145856.exe

  • Size

    1.2MB

  • Sample

    240419-hh9zwabb73

  • MD5

    c158865f5b408afda4774cfa56600795

  • SHA1

    e9ef032f011a0db8c2ed5d0573800b8abc06fc32

  • SHA256

    ea310af953089060b7bc1d94409996ec463a7bf0c6bb874ae984365b6f536c49

  • SHA512

    f64f20526e5fb6346774e8edaf9578d55aa9f0d579daeb4bce62bc78981a150ad767764576a89a98366a38a9c1bf879a49ed57773e7383fdf677f1ed8b5a4d1e

  • SSDEEP

    24576:fnSOQYR6LyVdgf1A9oi6QW8GpYIuEMnxP4jptmKulwhosdgrJhmfnf+kMLbp:/VRnt9oiNAYIdM94jptJbnE+fwp

Score
10/10
guloaderdownloaderpersistence

Malware Config

Targets

    • Target

      POTWIERDZENIE_TRANSAKCJI_20240418145856.exe

    • Size

      1.2MB

    • MD5

      c158865f5b408afda4774cfa56600795

    • SHA1

      e9ef032f011a0db8c2ed5d0573800b8abc06fc32

    • SHA256

      ea310af953089060b7bc1d94409996ec463a7bf0c6bb874ae984365b6f536c49

    • SHA512

      f64f20526e5fb6346774e8edaf9578d55aa9f0d579daeb4bce62bc78981a150ad767764576a89a98366a38a9c1bf879a49ed57773e7383fdf677f1ed8b5a4d1e

    • SSDEEP

      24576:fnSOQYR6LyVdgf1A9oi6QW8GpYIuEMnxP4jptmKulwhosdgrJhmfnf+kMLbp:/VRnt9oiNAYIdM94jptJbnE+fwp

    Score
    10/10
    guloaderdownloaderpersistence

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      6KB

    • MD5

      c5b9fe538654a5a259cf64c2455c5426

    • SHA1

      db45505fa041af025de53a0580758f3694b9444a

    • SHA256

      7b51372117960e84d6f5eb3a26810cc044ff02283b3d656a0a456b0ab5cb8ea7

    • SHA512

      f0f8a5570c01b16e54f47502e867ffbaf162b44a847c0ffc8062d20e9492114229de5d9d2a836da256fd3f9fb493536bdbf148d5308695b16c0e98d20d8926aa

    • SSDEEP

      96:xr7fhfKaGgchPzxK6bq+pKX6D8ZLidGgmkNL38:xxbGgGPzxeX6D8ZyGgmkN

    Score
    3/10
    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks