Overview

overview

10

Static

static

1

rSMKGKZ757...ll.exe

windows7-x64

10

rSMKGKZ757...ll.exe

windows10-2004-x64

8

Incorporeal.ps1

windows7-x64

8

Incorporeal.ps1

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    rSMKGKZ757385839500358358935775939058735Repoll.exe

  • Size

    484KB

  • Sample

    240508-wj6kqsgb5z

  • MD5

    fb3e83008ba56d061f4b237fc15fb7c9

  • SHA1

    444a3066eace07cf316d1df257bb1cd65fe714c1

  • SHA256

    fcdbde9d610f443bbfea15d925e9fcb72b7075d6156d281c627b105086a46746

  • SHA512

    2385034bbd33ea2d57dc5831c3d73faff1513934d8e69cce2b0ad23c0b8717f1c57a5192eccdc28019abbb25969750fe6d9d23bb5198cedc32acdc7ec357b7b5

  • SSDEEP

    6144:QnPdudwDYfaCw91Jr/an0bmkIZmrMPi2mo7RszkgbapwLAE8MMt27ktemmLBhBC5:QnPdsC9RjS0Sjz7IhcEaU7bFhBCzWd3M

Score
10/10
guloaderdownloaderexecutionpersistence

Malware Config

Targets

    • Target

      rSMKGKZ757385839500358358935775939058735Repoll.exe

    • Size

      484KB

    • MD5

      fb3e83008ba56d061f4b237fc15fb7c9

    • SHA1

      444a3066eace07cf316d1df257bb1cd65fe714c1

    • SHA256

      fcdbde9d610f443bbfea15d925e9fcb72b7075d6156d281c627b105086a46746

    • SHA512

      2385034bbd33ea2d57dc5831c3d73faff1513934d8e69cce2b0ad23c0b8717f1c57a5192eccdc28019abbb25969750fe6d9d23bb5198cedc32acdc7ec357b7b5

    • SSDEEP

      6144:QnPdudwDYfaCw91Jr/an0bmkIZmrMPi2mo7RszkgbapwLAE8MMt27ktemmLBhBC5:QnPdsC9RjS0Sjz7IhcEaU7bFhBCzWd3M

    Score
    10/10
    guloaderdownloaderexecutionpersistence

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Adds Run key to start application

      persistence

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      Incorporeal.ass

    • Size

      58KB

    • MD5

      135a64482148a48a725537b85f57c00d

    • SHA1

      6b6aadd0a75817cdabbab7579f0a6f426732fb26

    • SHA256

      4c5b0e9e84277b02c905d3d374bcdbb9ce5ef5092efb78e615e4fc84e35c5de1

    • SHA512

      17be360bb1159462da753675a19070fa2e53b636bc34f2f8eff2e05e63ea759ef1fe33f8b4d5028aefb7327eae14d10095342b2b071ff78c31bd4f5a9388dad6

    • SSDEEP

      1536:sJA2qr8I89uz7zNuJJUyZesgBRJ0QiRTDovF:Yxqr8IqyeUyE7p0QioF

    Score
    8/10
    executionpersistence

    • Modifies Installed Components in the registry

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks