General

  • Target

    c950aba2061fbb90b63122bec04b71764966e5554b6cd40114772c392464f748.vbs

  • Size

    210KB

  • Sample

    240503-cgzjvsee48

  • MD5

    5c7e4886e009c7d2908ec633bf48cf8e

  • SHA1

    72e9f5c65571b19402febfa7f36fc6ee5ce9a0f3

  • SHA256

    c950aba2061fbb90b63122bec04b71764966e5554b6cd40114772c392464f748

  • SHA512

    e7910dd42402712860ff660e699707d3c0ae6e4ba8eb8292a8a01de8a22a78bd86272f9668ae4fe260c9af499bbc8477d8d8df115a917040606be6c9cb7736f1

  • SSDEEP

    6144:wyJITON4vsj1oLXVAFN6oDpLfcW6PGOYQO+17ezWSUqE19eAV/KE3JSlkiuqIQKi:lcKJkRH3Y

Malware Config

Targets

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Adds a Run key to start the application

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks