General

  • Target

    7c9097341df9125478424c57b39c394062838aaa04bcc5725cd4a49a3b3555d9.vbs

  • Size

    15KB

  • Sample

    240523-b3lpfsha2y

  • MD5

    3ed6d6263087df6acb50d383f9646c77

  • SHA1

    3d11f3a396909f4bdda0b8b8bb7ef6b8abbad17c

  • SHA256

    7c9097341df9125478424c57b39c394062838aaa04bcc5725cd4a49a3b3555d9

  • SHA512

    e5ce4ee9fb452025cff79e23c3f335fe8b34dce4e5b315e258815212ac9cd929881c690a95d397deec0c635a0115c4eb176b557e2e877449e9a9116f8dc99f64

  • SSDEEP

    192:3Kyq8AvxRaqxtLpoMPpzkd/5Bpt0yPPGEIv97BreF56xrkoAD+h0nVJ:ayqlZRzmMxI19PGn9kF0xrgD+m

Malware Config

Targets

    • Target

      7c9097341df9125478424c57b39c394062838aaa04bcc5725cd4a49a3b3555d9.vbs

    • Guloader,Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Adds Run key to start application

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks