General

  • Target

    1ac701f312d9e8422f4cdb3d527405a269c25ec0f28ef614080ce98dd9480128.exe

  • Size

    689KB

  • Sample

    240523-rstv3sec4x

  • MD5

    546f9b0627ba8679b8e9610bc1d7e24b

  • SHA1

    46192bc20df587e4ac55db8bce83e24dd3a1ba40

  • SHA256

    1ac701f312d9e8422f4cdb3d527405a269c25ec0f28ef614080ce98dd9480128

  • SHA512

    01876f5f66d9e277ff72596318f4170c84178dda783a98b3dd9c2fdd5fc0c925790ef32f36a1ef8e0af738b5b4761413eb2023e572b116ecd4f9688eb488672d

  • SSDEEP

    12288:60oU0UEneHuDY7nCkEPaT24WxsdUSFbE27UwvfGF9oZFuh9K35:mxneHuDYukEPAWxsWSFbXzveF9orzJ

Malware Config

Targets

    • Target

      1ac701f312d9e8422f4cdb3d527405a269c25ec0f28ef614080ce98dd9480128.exe

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with its display window hidden.

    • Adds Run key to start application

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      Amortissement/Blokdiagrammets/Superline/Elogy.chi

    • Size

      55KB

    • MD5

      2b73e0d24d799259480051998efba53e

    • SHA1

      fe97fa385a6b05cd610326714057ea525cee290c

    • SHA256

      ed906e2d74ae966bee4d6df8643d016cbb29c15bfce975e2d50334ecf9a4ac07

    • SHA512

      a07f4e7fa1f3982f602f4d36664824e5e8905a7299b6ebfa455b1d03c320efd213f9386da6a79aac67ea8b489514279ef372a43c8fe934d0995e8b7140c22430

    • SSDEEP

      768:qNowTSDmiDAEbVGfJQeVgeLkul6uMF+2cuLPkvGLho56+9RI380vna3JZdVD6k8j:qmwTG5D9bEWqgUkkd1vse/9x0/GdVK

    • Modifies Installed Components in the registry

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks