General

  • Target

    a.exe

  • Size

    500KB

  • Sample

    240519-rwp2asbh5s

  • MD5

    166bd63c511fbcc8fb7176d5c4190866

  • SHA1

    48f3ad8868d13f883c776fc52b0765fc30b9adc8

  • SHA256

    9356e72bd9b7838d9d7e76d84f9961458a68caada57aee4459aa364966d96423

  • SHA512

    f8bdeb0ceb97044a29ffefdb1d476f8abd0581173cec250f4d412d75b0082ab169dc9d22e0390ef918c466a0c7429936f64e42582dfdc483d341bb31f6abaf5d

  • SSDEEP

    12288:4IbHDHFwiL88ATVee2E+gumrurdJjcObvgK:4IbHDHF9L8t5uE+4eA+v

Score
10/10

Malware Config

Targets

    • Target

      a.exe

    • Size

      500KB

    • MD5

      166bd63c511fbcc8fb7176d5c4190866

    • SHA1

      48f3ad8868d13f883c776fc52b0765fc30b9adc8

    • SHA256

      9356e72bd9b7838d9d7e76d84f9961458a68caada57aee4459aa364966d96423

    • SHA512

      f8bdeb0ceb97044a29ffefdb1d476f8abd0581173cec250f4d412d75b0082ab169dc9d22e0390ef918c466a0c7429936f64e42582dfdc483d341bb31f6abaf5d

    • SSDEEP

      12288:4IbHDHFwiL88ATVee2E+gumrurdJjcObvgK:4IbHDHF9L8t5uE+4eA+v

    Score
    10/10
    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      9625d5b1754bc4ff29281d415d27a0fd

    • SHA1

      80e85afc5cccd4c0a3775edbb90595a1a59f5ce0

    • SHA256

      c2f405d7402f815d0c3fadd9a50f0bbbb1bab9aa38fe347823478a2587299448

    • SHA512

      dce52b640897c2e8dbfd0a1472d5377fa91fb9cf1aeff62604d014bccbe5b56af1378f173132abeb0edd18c225b9f8f5e3d3e72434aed946661e036c779f165b

    • SSDEEP

      192:eX24sihno00Wfl97nH6BenXwWobpWBTtvShJ5omi7dJWjOlqSlS:D8QIl972eXqlWBFSt273YOlqz

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks