Overview

overview

10

Static

static

3

UMMAN İHR...33.exe

windows7-x64

10

UMMAN İHR...33.exe

windows10-2004-x64

10

Vitaminern...es.ps1

windows7-x64

8

Vitaminern...es.ps1

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    UMMAN İHRACAT AFR5641 910-1714 1633.exe

  • Size

    503KB

  • Sample

    240419-ktap9sdc35

  • MD5

    bf56c567703447c78773f3e581a004db

  • SHA1

    80ec3b7f7b5f7e2df367dff512b508a21c682111

  • SHA256

    01beeda976d48dc4c029032b0113fed68e00a2736cc03667c065f7bf7440eec2

  • SHA512

    b67e817ab691ab8257826b5a90fb7731801765b5e1299f1ee5235aa36065d082a04ca276c735eea0480a5e27382047b488227bd4e887a4176639cd64fd4c2f5b

  • SSDEEP

    12288:fzA/ggggjlFZKqUVReLAu8xzRCf8CzQXX:U/ggggjHZbU5Po0CcXX

Score
10/10
guloaderdownloaderpersistence

Malware Config

Targets

    • Target

      UMMAN İHRACAT AFR5641 910-1714 1633.exe

    • Size

      503KB

    • MD5

      bf56c567703447c78773f3e581a004db

    • SHA1

      80ec3b7f7b5f7e2df367dff512b508a21c682111

    • SHA256

      01beeda976d48dc4c029032b0113fed68e00a2736cc03667c065f7bf7440eec2

    • SHA512

      b67e817ab691ab8257826b5a90fb7731801765b5e1299f1ee5235aa36065d082a04ca276c735eea0480a5e27382047b488227bd4e887a4176639cd64fd4c2f5b

    • SSDEEP

      12288:fzA/ggggjlFZKqUVReLAu8xzRCf8CzQXX:U/ggggjHZbU5Po0CcXX

    Score
    10/10
    guloaderdownloaderpersistence

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Adds Run key to start application

      persistence

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      Vitaminerne/Taksonomiske24/Trephining/Piloters/Recepternes.pen

    • Size

      57KB

    • MD5

      24e44ec408c4fb8b429adb0ee5869985

    • SHA1

      1913f35995281fec0c9f586fd73d6a2f4e64a5ca

    • SHA256

      cf1db414b602f31a34655222809a3542f96a8ffcf0e43dfdbc341192f8298f71

    • SHA512

      76b152a80b4f9537c1cd3fb6209021040946c0e7c75fe907f9b95e9f4446b2f12ef54be9721de7b13929df0e1d555db38f470d43f9142b4c1b87e74768819425

    • SSDEEP

      1536:sHoiMTmNr5n2YDREJfm7g0ctkXRR7f8zYXJ4l:QoxOHifKciRdf8zYK

    Score
    8/10
    persistence

    • Modifies Installed Components in the registry

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

2
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

2
T1547.001

Defense Evasion

Modify Registry

4
T1112

Credential Access

Discovery

System Information Discovery

3
T1082

Query Registry

3
T1012

Peripheral Device Discovery

2
T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks