General

  • Target

    81154b8137816008b1ef4beaad668a4b.bin

  • Size

    47KB

  • Sample

    240609-d6twcada9x

  • MD5

    8ec88c730b2ab660a657c6c24b6b02b5

  • SHA1

    74de280c992310b42537a3cd9dfcc04d55dd4dda

  • SHA256

    0632bb7a07de77508a0fb95ff2a2c7dbb6c27d0de809c70e94225e3468d9ee78

  • SHA512

    1352861c646b4a20eca8f42fca65cb246df8d9b278b0f8c0ee6e46105246b6a02bddd767a39a71278bcb3e2f8935b1d4bd9aebc0a0bce4261401afab4e937ab3

  • SSDEEP

    768:t7FnZtNhSCVDrkXJ0Lo/K5IETN+fYDwNBipnWpxIVJkGJ0TAvacG3EeZkpmgq1XK:t7FZtWCpkXJyoS5IEBoYDwqpnSyVJkqx

Malware Config

Targets

    • Target

      SKGHM_PE_757583588358839538539599593BeoersKnucklehead.vbs

    • Size

      154KB

    • MD5

      8993abe6fdbed5a58e5f8806cb1a12d8

    • SHA1

      6f52e232be6a55b0411d2d2bf1e03b01b7388921

    • SHA256

      1d6d36ec589cbecea839e3b4a5156a35f48436847043f2e1f307f6579e7893e2

    • SHA512

      9de0b6554063778d0fec454f0fcb72acc5a1b652aff0f4513254097b6cfdce80c496e330ba93c2bacbabc5437fa508a124eb5e099c0e92dca2d7b70975090bd3

    • SSDEEP

      3072:Gvn9Dm5IXdH7eAlsSyP/ioJbae+nzu6J5RcuXrMLyVZH4lY0Gx2gDwDjNMrt:Gvn9Dm5IXdH7ecsSyP/io9ae+nzu6J5j

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Adds Run key to start application

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks