General
-
Target
HTMCDevalueringstidspunkts2024.7z
-
Size
9KB
-
Sample
240419-l5qfjaeg85
-
MD5
4054861bf7eb0078d48bd12c062da7ed
-
SHA1
0f6c96e8150919d7f209e8ff6ffceede9d6883d5
-
SHA256
e18d3e0264576970d517e218258acacc518ab9fa6f9eb4605950a6a192d9a708
-
SHA512
4812e0e98f6e4e0e28d01b4a7535409f5c867686608af50d341bed48a1a344d45f80c10d8a5bb36767d21ed7ecb888b751f2033325f7c51525afb81dd3a09aae
-
SSDEEP
192:ZHVV+QLIiFNPC/mV+6qViE6XFfv2ARTYYG1gdSni8yKNIjN/SgluI:1eyPC/2qVW1fueTZdSn1NIjVSgluI
Malware Config
Targets
-
-
Target
HTMCDevalueringstidspunkts2024.vbs
-
Size
16KB
-
MD5
2e5d64396eddeee2053fd3fb446892ae
-
SHA1
59f4b7acaad937d9ab3c480ef8c40b381b5667d8
-
SHA256
fa55a0efc03c0f64de8c1775fb0ca1a744f7b4f91e4e7b32c93ebe1a9d3952f7
-
SHA512
4e539e42a5ff5f99b441d641488e6142146071429d93c3a5576d93408eb26d7418ea0e79328c3ddfa5ceba7ee43836350bd974b5ac8ad913f226ced60742a340
-
SSDEEP
384:EuM9nrXoI5tBVfopD/WMECfPKWCrsulNhbpFnOwlPnWu2:EteIvB5sD/WMECfFCNVm68
Score10/10-
Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-