Overview

overview

10

Static

static

1

MST-004875...se.exe

windows7-x64

10

MST-004875...se.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    MST-004875758845993858358838583853534353loadinzormuleringse.exe

  • Size

    361KB

  • Sample

    240515-je84vafe37

  • MD5

    18febfd2f4169aa7e15b2104707914d4

  • SHA1

    82130b0bd68e97537b20bd281eefd3781c767547

  • SHA256

    6e25014badb4596a4ca3c97a27ed6afba7385cf81bcb0980a039b7df2d1b02be

  • SHA512

    feaf50b080876e293311b7295507dbab918b3406d48e530825b35bbaeb44d4fece5b7625657a4447933ca4fecd16342b7b1da61bf9bed96a6ee0896d9c2ff2c5

  • SSDEEP

    6144:7Dv9rF8A4kPfpEJalP03+dNn7CHvwIhuCA7RXORMdInyJQbH80RxhGUTU:np7xZEmPWGF+Pdu99eR5yHKxhGz

Score
10/10
guloaderdownloaderexecutionpersistence

Malware Config

Targets

    • Target

      MST-004875758845993858358838583853534353loadinzormuleringse.exe

    • Size

      361KB

    • MD5

      18febfd2f4169aa7e15b2104707914d4

    • SHA1

      82130b0bd68e97537b20bd281eefd3781c767547

    • SHA256

      6e25014badb4596a4ca3c97a27ed6afba7385cf81bcb0980a039b7df2d1b02be

    • SHA512

      feaf50b080876e293311b7295507dbab918b3406d48e530825b35bbaeb44d4fece5b7625657a4447933ca4fecd16342b7b1da61bf9bed96a6ee0896d9c2ff2c5

    • SSDEEP

      6144:7Dv9rF8A4kPfpEJalP03+dNn7CHvwIhuCA7RXORMdInyJQbH80RxhGUTU:np7xZEmPWGF+Pdu99eR5yHKxhGz

    Score
    10/10
    guloaderdownloaderexecutionpersistence

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks