Overview

overview

10

Static

static

3

Commande N...on.exe

windows7-x64

10

Commande N...on.exe

windows10-2004-x64

6

unvolubly/...ng.ps1

windows7-x64

8

unvolubly/...ng.ps1

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Commande No 00007 de M.N.S. S.A. 24000127 MNS Distribution.exe

  • Size

    548KB

  • Sample

    240426-genf2aae37

  • MD5

    edeb34f392872f3c9e220bc9dcf9ba86

  • SHA1

    e9fb6ff7cd47ec7b08391f4c1ecc1e684bf28ff7

  • SHA256

    39e37a6736984b617a47818ffdbd202199c75f769821d4939f1d61dff621098d

  • SHA512

    f33bc39692838cc94ae0ed6aedddfcecb8fd564de6de0d81a258ece57eba04cb7820f1fe834e48b4e0cbce95409449514bb645e69584ad62e0439fea306af424

  • SSDEEP

    12288:47YvE3TaaFpfEwmgfwwQxeoKGaGsIMcgLvlU2eZysZMNue:bENj7JgaRe0VN9

Score
10/10
guloaderdownloaderpersistence

Malware Config

Targets

    • Target

      Commande No 00007 de M.N.S. S.A. 24000127 MNS Distribution.exe

    • Size

      548KB

    • MD5

      edeb34f392872f3c9e220bc9dcf9ba86

    • SHA1

      e9fb6ff7cd47ec7b08391f4c1ecc1e684bf28ff7

    • SHA256

      39e37a6736984b617a47818ffdbd202199c75f769821d4939f1d61dff621098d

    • SHA512

      f33bc39692838cc94ae0ed6aedddfcecb8fd564de6de0d81a258ece57eba04cb7820f1fe834e48b4e0cbce95409449514bb645e69584ad62e0439fea306af424

    • SSDEEP

      12288:47YvE3TaaFpfEwmgfwwQxeoKGaGsIMcgLvlU2eZysZMNue:bENj7JgaRe0VN9

    Score
    10/10
    guloaderdownloaderpersistence

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Adds Run key to start application

      persistence

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      unvolubly/Langtrkkendes/Pelletising.Art

    • Size

      56KB

    • MD5

      19779840eecfc141420a08cb9a741962

    • SHA1

      0f0a168bc292914da146f667557ff5f07b0f5ae5

    • SHA256

      de1fc8dc64b49c5ae8c2c9c45e7dd4d2aa154f845e99a8e8fa08b5abf23d38a7

    • SHA512

      d3be08e433f93bafc5d53ea6e91c53e01d755bf1c61e4006aa184da35644b343bd72d0ddbee9820db107c2df212dc4a51a4e06ebf3cf6c1e45ed250f2b383723

    • SSDEEP

      1536:M2JnexhWTLwrzAPNCVjXRFnhoMMesE5FxGFlAqfq+7:MGghWPwrMeh9b2ELxGFl77

    Score
    8/10
    persistence

    • Modifies Installed Components in the registry

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

2
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

2
T1547.001

Defense Evasion

Modify Registry

4
T1112

Credential Access

Discovery

System Information Discovery

3
T1082

Query Registry

3
T1012

Peripheral Device Discovery

2
T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks