General

  • Target

    IE529_24IE529-240807.7z

  • Size

    496KB

  • Sample

    240520-jdll6aae3t

  • MD5

    6ac572d1263657b26acf3aa2dd2cebb1

  • SHA1

    e541e6e4ac53af34987af6f02d8bbd825a3d480c

  • SHA256

    b730167452b2c1573e45976ac16a25ce280d32afa3f8f9067a0dab8e9543d105

  • SHA512

    1d1575f0a035a2dc7a0025cc1919b7999f5a3887ba44b5ecb74d21b2e8e23d97f61131d8e9a5346f9c1e980cb236f935382097bacc723117a96142e46a1682b5

  • SSDEEP

    12288:NRslFBrVn2TwsF3A3AQudVk91e11/AAlIs0m4CKLYn:NRslvVnKBAIVG1yYL9n3Lu

Malware Config

Targets

    • Target

      IE529_24IE529-240807.exe

    • Size

      615KB

    • MD5

      e88cfab9d9e6836ce05cdef44a2b8022

    • SHA1

      70da6fba91f89f2d366c06f878678aee9b4ece97

    • SHA256

      de72935b814c832e1466d23eb167e151501b270b87d05034094ab11a83b84d1c

    • SHA512

      dbbbc44e0c82b16a6926cc091bfc76274b23d125599d221ac306ce56ca19914b72c628a43e0150b64ec08611c3467bc818ee5adaa4725902ba7a4bae52f80973

    • SSDEEP

      12288:L2KmM4kx4yZVnyTwsb3E3AKud9k91eD1JAAl+s0s4CGLx4:L2KUqVnuDE89G1WG/9N9Lm

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell and hides the display window.

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks