General

  • Target

    7af58069fd2ceb8da1a60644649787b738b2d41ef32a385f1e1e8711bfba0b7b.vbs

  • Size

    724KB

  • Sample

    240519-kxs11sbc87

  • MD5

    8a9e78bb8236c5f5d99e6f93be86115a

  • SHA1

    079265e295095e6626324c45b3a6362b804cd119

  • SHA256

    7af58069fd2ceb8da1a60644649787b738b2d41ef32a385f1e1e8711bfba0b7b

  • SHA512

    cc4d362d67f0eee74f8f035bc3d3db10455695db819ce3bb782ef6ac2a795cd389a0db56b5d53126826a7fa4bf62edb54a66eabe1c60c32b11b4ba5b628ae01e

  • SSDEEP

    6144:AsyS5Hz0L9jTGquGSqCG2NPnbY/0M7xxMldTSsp3vraSEPW/snrOLNC51gdQl7VD:gCRT+WPxm3pfqiMwc/MVqAd+27

Malware Config

Targets

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Adds Run key to start application

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks