General

  • Target: f67832a689ba330034ec4f679ccb610cba781a5216e62c72b0ab2f7583712e2d

  • Size: 4KB

  • Sample: 240603-n77hyadg6t

  • MD5: f1f96523f3735948271f228b161bd02d

  • SHA1: c8f27784ea8d91a518d457ef03a1bd791e5c40c9

  • SHA256: f67832a689ba330034ec4f679ccb610cba781a5216e62c72b0ab2f7583712e2d

  • SHA512: 5278a44e338d66e5080e363440e097d63ffe21c3d80eeaed3857164db3a08b479a386cb1ac287ea8ed181df937bfb2debc390c8cf83efebabaa35d76208ac0bb

  • SSDEEP: 96:dSDkS60/op1ai2HYpt5PJ6v5F7jvKdkSCzWUN9RuBTS7n:MDldQt5Psv5F7jydnCzFeAn

Malware Config

Targets

    • Target: RESOLUCIÓN DE PAGO BBVA DOCUMENTO M-343453.bat

    • Size: 5KB

    • MD5: aa4e98c4bb3ae56632fe9233d1c81dec

    • SHA1: 14c769a28d333c7140ac59a239ee9007d320bc4a

    • SHA256: 99356a6ae454534dfac69821a33a007e3ce7aa0b2169c3028115ccada4ca52a9

    • SHA512: ae68eef5e46a1d260a5c6f965d2627aee5605a122e6bef57feb0486db0ac3931a2d7a2403974e988b13f24fa47f673e09e1218fa5ce0201b3fb9d6f7431b6270

    • SSDEEP: 96:k3X8Vu884HOafbryp8iSEWc9N985OA9qmBRI:lQeHffbryppk5OmXI

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Accesses Microsoft Outlook accounts

    • Adds Run key to start application

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks