General

  • Target

    Evgh. rvs Armenia. 30.04.2024.exe

  • Size

    783KB

  • Sample

    240502-grflysda25

  • MD5

    6775321bbbe02737daff72cbfef1d3a5

  • SHA1

    778fb1443b71b7afbf8965d6fad12247c7e2befc

  • SHA256

    0d8b7479bd9156032cf3287faee1807e96d68c7bce3835c7e3435951446bade1

  • SHA512

    0970f311b772c014384a17d0c3b51a47f7046096d2d140db7fbe665087369fde3123c77283304121ac37517a3aa117787c42914884ec82f985ddf88c7531b810

  • SSDEEP

    12288:DrC48OWaxjjtjj9bHGMIvxV7G5iMOQrLTI9AVZ/RZF:H7/jxjjtjj9JIvxV7G5iMN/0GZ/RZF

Malware Config

Targets

    • Target

      Evgh. rvs Armenia. 30.04.2024.exe

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • NirSoft MailPassView

      Password recovery tool for various email clients.

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers.

    • Nirsoft

    • Accesses Microsoft Outlook accounts

    • Adds Run key to start application

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      Attn104/Jiber/Superintendentens/Chaptaliseringernes.Kro

    • Size

      59KB

    • MD5

      7a00c4088c123d61422f4fe0db41bd24

    • SHA1

      8dcb56788e82418c69556771808bb6c7b977067f

    • SHA256

      b7d771d62b14d618608d7541302035b824e69cee7a497ab326a14e7562800f3a

    • SHA512

      e5c309d5d1cec2083750e242d901f8bdc3a845018603f6ed16436f65ebda2e1e7f5978ac3dc838199cae22ab7b0c12c930cf941bb25c33886731d76c5598ae37

    • SSDEEP

      1536:YZzbiRU2WUoHhEBe6aOe0P2vG2Ib4OO5S3oaT:gzbUUnU2hmVaM2vR7NS3d

    Score: 8/10

    • Modifies Installed Components in the registry

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks