Overview

overview

10

Static

static

3

Telescribe.exe

windows7-x64

10

Telescribe.exe

windows10-2004-x64

10

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    72b1c85eede5ca8c04c1d472cd2ea3a86e7442c4933105c50fb0484d1f4c5ad0.rar

  • Size

    1.2MB

  • Sample

    240523-b2ws2agh7z

  • MD5

    1826a5e6bffabb043751e2cd02e22582

  • SHA1

    4c0a6a2c3fbc228217a980fc906ffde32150e9b3

  • SHA256

    72b1c85eede5ca8c04c1d472cd2ea3a86e7442c4933105c50fb0484d1f4c5ad0

  • SHA512

    4e5e12a9dd3c8bc4ac113aa011dbb6945c21dd9d7097c2cb1a14c8094f150d980c3ab4266ed40b109d22df1ce1afc24de9c5549e9922ee289267ebbb00e9f650

  • SSDEEP

    24576:0qk2XE94nLTBq3NPVgcYgoHeRAYbLoXjOivHGLv9gf38N8MbqL3G8FsbNRgP:EgX2VVHYeKYgTMLvOf38N8qaXc0

Score
10/10
guloaderdownloader

Malware Config

Targets

    • Target

      Telescribe.exe

    • Size

      1.3MB

    • MD5

      ee518fda96d7cb89bad8783aeab7e6fa

    • SHA1

      5dced89b75ece47f8e8c0b19082ed97448f83964

    • SHA256

      cd25f94f8e22e1ca4f4bb2f65a4d904aaa01b57445284b1cf5ea9572873d2b4a

    • SHA512

      b92c661cc02640f4cbc1641b78005d84d176305af07caa92cb26441b0fcb831c31c79db7b5af69d2e331bf5ea1d28f9aa790fc7127cb58fae2224b111275f13b

    • SSDEEP

      24576:d9Q0lIVTRJLpdCW9zTIvwS60x6Hcy/U77VaaG8uosbrDqa1VHWTcSdmWDxbLn/oY:rQ0lsRdpdBTIYS6VDM77YoOrDX1l2xbv

    Score
    10/10
    guloaderdownloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      b8992e497d57001ddf100f9c397fcef5

    • SHA1

      e26ddf101a2ec5027975d2909306457c6f61cfbd

    • SHA256

      98bcd1dd88642f4dd36a300c76ebb1ddfbbbc5bfc7e3b6d7435dc6d6e030c13b

    • SHA512

      8823b1904dccfaf031068102cb1def7958a057f49ff369f0e061f1b4db2090021aa620bb8442a2a6ac9355bb74ee54371dc2599c20dc723755a46ede81533a3c

    • SSDEEP

      192:PPtkumJX7zB22kGwfy0mtVgkCPOs81un:E702k5qpds8Qn

    Score
    3/10
    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Resource Development

Reconnaissance

Tasks