General
-
Target
bb8d35012cdd6408e23b9983549095e98a88c1ccf99fc447cb92bf9d6de71b91.vbs
-
Size
13KB
-
Sample
240523-cdzepahf2z
-
MD5
693d91041a54a578ada0c38a77634ee9
-
SHA1
13e0a6c85203356af7d11ff4a0e74a6b9637f466
-
SHA256
bb8d35012cdd6408e23b9983549095e98a88c1ccf99fc447cb92bf9d6de71b91
-
SHA512
110e25ec6a8f8cb52a3d8a21e01ae9e2b308276111a70cd2afd64e187b41fbbedf9365170bacd971b26ee17a62df4b2174dd2580bcdb18ed768a06d01d860ccb
-
SSDEEP
192:lLZMMji78HauxUn+OKEtfuJkEF3UxO8OY7DIsRsTYEtoTP5CfQ6x7PwYVRWFo2Uj:DV8wtkyRi/aVvdb2ze
Malware Config
Targets
-
-
Target
bb8d35012cdd6408e23b9983549095e98a88c1ccf99fc447cb92bf9d6de71b91.vbs
-
Size
13KB
-
MD5
693d91041a54a578ada0c38a77634ee9
-
SHA1
13e0a6c85203356af7d11ff4a0e74a6b9637f466
-
SHA256
bb8d35012cdd6408e23b9983549095e98a88c1ccf99fc447cb92bf9d6de71b91
-
SHA512
110e25ec6a8f8cb52a3d8a21e01ae9e2b308276111a70cd2afd64e187b41fbbedf9365170bacd971b26ee17a62df4b2174dd2580bcdb18ed768a06d01d860ccb
-
SSDEEP
192:lLZMMji78HauxUn+OKEtfuJkEF3UxO8OY7DIsRsTYEtoTP5CfQ6x7PwYVRWFo2Uj:DV8wtkyRi/aVvdb2ze
Score10/10-
Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-