General
Target: a1f794f5781ade202f9cbd9fc08e7f3e3b8d737792cc594c093bb4979a7ecbe4.lzh
Size: 6KB
Sample: 240522-cg5e4sha7t
MD5: 21e962583c788cd2fafa19e0d4781431
SHA1: 7c1ebfe44e9ae199ebf0bc8de5999895a4e7f174
SHA256: a1f794f5781ade202f9cbd9fc08e7f3e3b8d737792cc594c093bb4979a7ecbe4
SHA512: e9ceec5eced596d3e7224d3b65874b15a7484ca995dee5f3a07e979768cbe36e6b64c8f82be675dbb7f3a33c88dfa47c4ffd398a603318ffc67fec5372dbc4f9
SSDEEP: 192:E7YNQ0S9eqTnlm/YWQG8uwDm8Fff1i+EkwZrXU:6YNQ0m37lWkGtwDhFIvksU
Static task: static1
Behavioral task: behavioral1
  Sample: Shipping document.vbs
  Resource: win7-20240419-en
Behavioral task: behavioral2
  Sample: Shipping document.vbs
  Resource: win10v2004-20240508-en
Malware Config
Targets
Target: Shipping document.vbs
Size: 14KB
MD5: cc0d3bd0295d7e43b783d4a0c36ca3e7
SHA1: c995bccdd522edc92374da5f8dba5fbbb702d8c5
SHA256: 1d6d63b8901bc80a11efb209bf189620b2ba252e80138564224e6ad3ece199ae
SHA512: 3772f7ac137307c3a3380b6b5c316bd62a07d2aab162650cfead07ed660cd2971220f7d5d88d2db25c122143c6c921991cc899381d5c7c1c078cda819fbf33d2
SSDEEP: 192:pmZrDl6E84tSjHVq6UyG+Z0tw/uWhq/V0rXCeVE6pW9CAhlxy4fnp:cBvzCHVqD+Z0tw/uWkNiXC74kD7xjfnp
Score: 10/10
- Detects executables built or packed with MPress PE compressor
- Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurrency wallets, etc. Observed in information stealers
- Detects executables referencing many email and collaboration clients. Observed in information stealers
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Blocklisted process makes network request
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
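The behavioral signature names above each correspond to a specific API call, flag value or registry path. The following Python sketch is an added example, not part of this report and not the sandbox's own signature code: it runs simple rules modeled on six of these signatures over a constructed API trace. The trace lines and the tab-separated `pid / api / key=value|key=value` line format are constructed for this illustration; the two numeric constants (NtCreateThreadEx flag `THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER = 0x4` and THREADINFOCLASS `ThreadHideFromDebugger = 0x11`) are the documented Windows values.

```python
import re

# Documented Windows constants behind two of the "HideFromDebugger" signature names
THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER = 0x00000004  # NtCreateThreadEx CreateFlags bit
THREAD_HIDE_FROM_DEBUGGER = 0x11                     # THREADINFOCLASS ThreadHideFromDebugger

# Registry paths behind the persistence, geofence and Outlook signatures
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
GEO_NATION_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
OUTLOOK_PROFILE_RE = re.compile(r"\\Office\\.*\\Outlook\\Profiles(\\|$)", re.I)

# Constructed trace (not a real sandbox format): "<pid>\t<api>\t<k>=<v>|<k>=<v>..."
SAMPLE_TRACE = "\n".join([
    "1840\tRegQueryValueExW\tkey=HKCU\\Control Panel\\International\\Geo|value=Nation",
    "1840\tRegSetValueExW\tkey=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"
    "|value=Updater|data=C:\\Users\\Public\\update.exe",
    "1840\tNtSetInformationThread\tthread=0x1f0|class=0x11|length=0",
    "1840\tNtCreateThreadEx\tflags=0x4|start=0x401000",
    "1840\tSetThreadContext\tthread=0x1f4",
    "1840\tRegQueryValueExW\tkey=HKCU\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook"
    "|value=Email",
    "2210\tRegQueryValueExW\tkey=HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion|value=ProductName",
])


def parse_int(text):
    """Accept '0x11' or '17' and return an int."""
    return int(text, 16) if text.lower().startswith("0x") else int(text, 10)


def parse_trace(trace):
    """Parse the constructed line format into (lineno, api, args) tuples."""
    events = []
    for lineno, line in enumerate(trace.splitlines(), start=1):
        if not line.strip():
            continue
        fields = line.split("\t")
        api = fields[1] if len(fields) > 1 else ""
        argtext = fields[2] if len(fields) > 2 else ""
        args = dict(part.split("=", 1) for part in argtext.split("|") if "=" in part)
        events.append((lineno, api, args))
    return events


def _reg_path(args):
    # Full path of the value being touched: "<key>\<value>"
    return args.get("key", "") + "\\" + args.get("value", "")


def checks_location_settings(api, args):
    return api.startswith("RegQueryValueEx") and bool(GEO_NATION_RE.search(_reg_path(args)))


def adds_run_key(api, args):
    return api.startswith("RegSetValueEx") and bool(RUN_KEY_RE.search(args.get("key", "")))


def accesses_outlook_accounts(api, args):
    return api.startswith("RegQueryValueEx") and bool(OUTLOOK_PROFILE_RE.search(args.get("key", "")))


def ntsetinfothread_hide(api, args):
    return api == "NtSetInformationThread" and parse_int(args.get("class", "0")) == THREAD_HIDE_FROM_DEBUGGER


def ntcreatethreadex_hide(api, args):
    return api == "NtCreateThreadEx" and bool(
        parse_int(args.get("flags", "0")) & THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER)


def setthreadcontext(api, args):
    return api == "SetThreadContext"


RULES = {
    "Checks computer location settings": checks_location_settings,
    "Adds Run key to start application": adds_run_key,
    "Accesses Microsoft Outlook accounts": accesses_outlook_accounts,
    "Suspicious use of NtSetInformationThreadHideFromDebugger": ntsetinfothread_hide,
    "Suspicious use of NtCreateThreadExHideFromDebugger": ntcreatethreadex_hide,
    "Suspicious use of SetThreadContext": setthreadcontext,
}


def match_signatures(trace):
    """Return {signature name: [trace line numbers]} for every rule that fires."""
    hits = {}
    for lineno, api, args in parse_trace(trace):
        for name, rule in RULES.items():
            if rule(api, args):
                hits.setdefault(name, []).append(lineno)
    return hits


if __name__ == "__main__":
    for name, lines in match_signatures(SAMPLE_TRACE).items():
        print(f"{name}: lines {lines}")
```

The remaining signatures in the report (MPress packing, the NirSoft tools, the credential-store and mail-client string references) describe the content of the dropped executable rather than its runtime behavior, so they belong to a static scan of the file and cannot be reproduced by a trace matcher like this one.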