Resubmissions

29-04-2024 16:15  240429-tqpvfseh57  10
29-04-2024 16:15  240429-tqc6naeh47  3

General

  • Target: sample.exe
  • Size: 372KB
  • Sample: 240429-tqpvfseh57
  • MD5: da2f362c315e776de40b0805c5d3571b
  • SHA1: bc6e0d5ed9e74470bdfe2d854c3a798c2e45b074
  • SHA256: 45cc8cde27d45cadec7dfec83f44215b807531439a0b2530f965fa5d4acda1b6
  • SHA512: e53917235541dcbc9064c913cef731e101dd15593c7276febb122a3549214c30180485394e0e1867d58e41326c7fc3efd04543a85e55443c44e12838b08d006c
  • SSDEEP: 6144:HT4DtVpZI3UkwlUEkFvjV5Uioj7RODGIe2gngkOt/NONJp98AGECTcz8mFsgeJ:HTghmEkFx5Uf4wOt/NA8JE2bJ

Malware Config

Targets

    • Target: sample.exe
    • Size: 372KB
    • MD5: da2f362c315e776de40b0805c5d3571b
    • SHA1: bc6e0d5ed9e74470bdfe2d854c3a798c2e45b074
    • SHA256: 45cc8cde27d45cadec7dfec83f44215b807531439a0b2530f965fa5d4acda1b6
    • SHA512: e53917235541dcbc9064c913cef731e101dd15593c7276febb122a3549214c30180485394e0e1867d58e41326c7fc3efd04543a85e55443c44e12838b08d006c
    • SSDEEP: 6144:HT4DtVpZI3UkwlUEkFvjV5Uioj7RODGIe2gngkOt/NONJp98AGECTcz8mFsgeJ:HTghmEkFx5Uf4wOt/NA8JE2bJ

    Signatures
    • Guloader, Cloudeye
      A shellcode-based downloader first seen in 2020.
    • NirSoft MailPassView
      Password recovery tool for various email clients.
    • NirSoft WebBrowserPassView
      Password recovery tool for various web browsers.
    • Nirsoft
    • Accesses Microsoft Outlook accounts
    • Adds Run key to start application
    • Suspicious use of NtCreateThreadExHideFromDebugger
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of SetThreadContext

    • Target: Filmrullerne/Tendance/Unredacted.Sai
    • Size: 56KB
    • MD5: b1d727d282df9997c8bbd3d296352191
    • SHA1: 143e2878ec786de7b8ac80958ac8509c9c26746e
    • SHA256: 28c901a827e59109f467be705332d753c0fabb390ced9c2a69c48110c69d18a5
    • SHA512: 0d9e30f588ac8c7f3b02a8e2a32ef8159255f89baf88bc05d4db89c3986492d0ba00e07e3da09a5bb64e58971c40260bb3c09712dfcb03e1c69a9554ecf4a80c
    • SSDEEP: 1536:TrVbCEwTZDc1LBlJ5PYy6CZk9F9RDdRslZLhjqHjVRR:kEwTtULBrB5k7vjYLh0VRR

    Score: 8/10

    Signatures
    • Modifies Installed Components in the registry
    • Enumerates connected drives
      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix (ATT&CK v13)

Tactic                Technique                             Count  ID
Persistence           Boot or Logon Autostart Execution     2      T1547
Persistence           Registry Run Keys / Startup Folder    2      T1547.001
Privilege Escalation  Boot or Logon Autostart Execution     2      T1547
Privilege Escalation  Registry Run Keys / Startup Folder    2      T1547.001
Defense Evasion       Modify Registry                       4      T1112
Discovery             System Information Discovery          4      T1082
Discovery             Query Registry                        4      T1012
Discovery             Peripheral Device Discovery           2      T1120
Collection            Email Collection                      1      T1114

Tasks