General
Target: DHL_M-002567436735845755676678877988975877.exe
Size: 435KB
Sample: 240429-lr9x1sga5w
MD5: 4e1e7a26a6c1115d55293a84f36575c1
SHA1: ec727b3bd73c11995e745ff1668ad69400f97d30
SHA256: cd533d45b704ab35ca35b9162805abb28710ca25399344812fa9f8598a93b30b
SHA512: e5f70560e440068c684d95992eace1fb649b0c091230db98f61ff68a49d3ff84530351d3b619445936cd51fc694c11fa43e77d0a1f400d165fcb2e13a670bc7e
SSDEEP: 6144:lxFSmlmkDp54v/qwnQ6pNwhScW/rern/ZPYdnPBzYnBAqJ1tUWz:BtFFSa4ySperRPYvAAqJ19
Static task: static1
Behavioral task: behavioral1
  Sample: DHL_M-002567436735845755676678877988975877.exe
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: DHL_M-002567436735845755676678877988975877.exe
  Resource: win10v2004-20240419-en
Behavioral task: behavioral3
  Sample: Forthteller/Fibrillationen52/Nonveracity/Kreolerne.ps1
  Resource: win7-20240215-en
Behavioral task: behavioral4
  Sample: Forthteller/Fibrillationen52/Nonveracity/Kreolerne.ps1
  Resource: win10v2004-20240419-en
Malware Config
Targets
Target: DHL_M-002567436735845755676678877988975877.exe
Size: 435KB
MD5: 4e1e7a26a6c1115d55293a84f36575c1
SHA1: ec727b3bd73c11995e745ff1668ad69400f97d30
SHA256: cd533d45b704ab35ca35b9162805abb28710ca25399344812fa9f8598a93b30b
SHA512: e5f70560e440068c684d95992eace1fb649b0c091230db98f61ff68a49d3ff84530351d3b619445936cd51fc694c11fa43e77d0a1f400d165fcb2e13a670bc7e
SSDEEP: 6144:lxFSmlmkDp54v/qwnQ6pNwhScW/rern/ZPYdnPBzYnBAqJ1tUWz:BtFFSa4ySperRPYvAAqJ19
Score: 10/10
- Blocklisted process makes network request
- Adds Run key to start application
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
Target: Forthteller/Fibrillationen52/Nonveracity/Kreolerne.Ans
Size: 57KB
MD5: cef01801545d5b91580cd6a4a9273144
SHA1: 4ba951133e407bd0d6b0447d216528200aff68b9
SHA256: f0f42ea894ea592f55fd42f05df638a1c0eb54f966671817ba67ac78d6da3345
SHA512: 57a39ee84f50065923d8441539da07a6ee49cc9e75e32d4f5b293c7d5a40b5f0cdf9b2e63fa29fbb279c86ad800ff4e8b72ed524d849e0ca423e61d3d9e0ebca
SSDEEP: 1536:L/LU8NrMkeSHgeclYZTQgE8fxuRkZFT1Y3a0cF:7LjrP4eSNBUYK7
Score: 8/10
- Modifies Installed Components in the registry
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.