General

  • Target

    1.vbs

  • Size

    17KB

  • Sample

    240520-krj6xscc42

  • MD5

    93af4525d3371d64a36295af717e97e1

  • SHA1

    d99e799e0564aa02822d42815627e5dd06a144cf

  • SHA256

    6f431d950d084dfdc3b1029e50ede4866a755556d1a4ed641f6d968057a7ae7c

  • SHA512

    8c3cf67692b04e0897b2e6abd3f1356631218c4b2ed1ee94ba16c1e3efb30c2706afc36940424dcc7020462f32d354d3bf719ceaa789517d5da81d149f52fe67

  • SSDEEP

    192:lwxHanX9+BAlqWmhTEHo6FXmDYZhkKy1/IZ8Bl0r9e1Q1mf0SxQYyJd1nQIo9dyP:ixHaXXl7HJFXkAyCm0oymnqYuQF9sP

Malware Config

Targets

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Adds Run key to start application

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks