Overview

overview

10

Static

static

3

KEO-Order-...24.exe

windows7-x64

10

KEO-Order-...24.exe

windows10-2004-x64

10

$PLUGINSDI...ge.dll

windows7-x64

1

$PLUGINSDI...ge.dll

windows10-2004-x64

1

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    KEO-Order-3AY37A-APRIL_3103734_SUA721302_301824_01AU481924.exe

  • Size

    486KB

  • Sample

    240510-jcdvxsad9t

  • MD5

    e6e505189b910675d61d54ac0c6b813d

  • SHA1

    f7ab8fb65093f26dc9cbe03a694f7416b0e33347

  • SHA256

    b9b78528efaa39eda121c478cdae30464f3f3046efbf13905e29d19fbf5373b1

  • SHA512

    43309482266fdaf381b1a11c072c0f397f2826967b4d240438b67d8f80b9b1dd94a9fbe9c61723e8fd0eebd4912b51184dd372fd1c3d412346f9c42d6cda07e3

  • SSDEEP

    12288:2OLjmwzqoFl1EE+fXDRwjd4CrkOIfhoC6WzwxC3+kMZ7pH:fjmw31EEGXDKkNhoC6f4WpH

Score
10/10
guloaderdownloaderpersistence

Malware Config

Targets

    • Target

      KEO-Order-3AY37A-APRIL_3103734_SUA721302_301824_01AU481924.exe

    • Size

      486KB

    • MD5

      e6e505189b910675d61d54ac0c6b813d

    • SHA1

      f7ab8fb65093f26dc9cbe03a694f7416b0e33347

    • SHA256

      b9b78528efaa39eda121c478cdae30464f3f3046efbf13905e29d19fbf5373b1

    • SHA512

      43309482266fdaf381b1a11c072c0f397f2826967b4d240438b67d8f80b9b1dd94a9fbe9c61723e8fd0eebd4912b51184dd372fd1c3d412346f9c42d6cda07e3

    • SSDEEP

      12288:2OLjmwzqoFl1EE+fXDRwjd4CrkOIfhoC6WzwxC3+kMZ7pH:fjmw31EEGXDKkNhoC6f4WpH

    Score
    10/10
    guloaderdownloaderpersistence

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/BgImage.dll

    • Size

      7KB

    • MD5

      6f9797fdc4fc7fca503af580999d4682

    • SHA1

      8c8e234c4646e489c29efc00f2c9a9b8aa06f55e

    • SHA256

      f03f83b88cd846b9cf05116c545fbb557f4ff37ce0bb0b2bee2ff0b4bde23a81

    • SHA512

      ca92c560d3718668de90806d8adbf8f23a423e82040156e9b0682d17bc567b85ffd9b14a9a824539b3d97fcc59b20ff3d8cb8ea602402153ba5128aea4604dfb

    • SSDEEP

      96:8eSk1LFJaO1/radJEaYtv1Zs4lkL8y3A2EN8Cmy3uTk4j7J3kWyy/:tNTJa2roqJyA2EN8diuTxje

    Score
    1/10
    behavioral3behavioral4

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      b853d5d2361ade731e33e882707efc34

    • SHA1

      c58b1aeabdf1cbb8334ef8797e7aceaa7a1cb6be

    • SHA256

      f0cd96e0b6e40f92ad1aa0efacde833bae807b92fca19bf062c1cf8acf29484b

    • SHA512

      8ea31d82ffa6f58dab5632fe72690d3a6db0be65aec85fc8a1f71626773c0974dcebefae17bcf67c4c56ef442545e985eea0b348ff6e4fc36740640092b08d69

    • SSDEEP

      192:eA2HS+ihg200uWz947Wzvxu6v0MI7JOde+Ij5Z77dslFsEf:mS62Gw947ExuGDI7J8EF7KIE

    Score
    3/10
    behavioral5behavioral6

MITRE ATT&CK Enterprise v15

Tasks