General

  • Target

    LPO_6784885.vbs

  • Size

    11KB

  • Sample

    240508-jh64nahg6s

  • MD5

    aa1cdcbb68bc723da0cad23fa773363d

  • SHA1

    6d72cde139b62bc48ba0c99219734b54e05cb28f

  • SHA256

    7f2e40885256fb1f6d6fdb480723f5e13620380e854514f4b07ff96be44c067d

  • SHA512

    026294971daf18f36c0492e479cf19e9b467150c8e77319123ece4f78840f177b7c0f5d4ee4eee0f53965d547dfe6704ea2dc0fa49ae83cef3b5afde2b4a73f0

  • SSDEEP

    192:JO7SJ5i0avKua62rhwEPcJUxbh8n6hz5CwOvjVilHesIn9TsYK2Dk7s+JfNFKTsq:YVPKv62jCXB6K9eB3/XUJYC0ExP7hro+

Score
10/10

Malware Config

Targets

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks