General

  • Target

    9500e0c5048bf63eeb3dee4c704ebd0f7ddc24902be50a9ef1dd0c0148546e0f.exe

  • Size

    387KB

  • Sample

    240710-wh2v6atgjh

  • MD5

    06e45d2db3c52517fc7139b3b32a4742

  • SHA1

    602ab4e85c1506af02d51e144298bac3aea331ca

  • SHA256

    9500e0c5048bf63eeb3dee4c704ebd0f7ddc24902be50a9ef1dd0c0148546e0f

  • SHA512

    32e1131c14136721d872ea13736fe7041d8d7e09a1efac363a4bc1d29a9bcd4fcfc8e523cf689386a7e8fe67100194211a1ea9934f7fde5f241df77adcdb61bd

  • SSDEEP

    12288:3GqS6hqE06uAyNOcSN6dJjfJ1mPaxm5Bj3O9X:3GqS6hb0Kd4FBcixmBje9
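Before acting on a report like this one, verify that the file in hand is the file the report describes. The following script is an added example, not part of the original page or of the sandbox's tooling: it recomputes the four cryptographic digests listed above with Python's standard hashlib and compares them with the listed values (SSDEEP is left out because it needs the separate ssdeep library). The file path, and the assumption that every listed algorithm must agree, are the example's own choices.

```python
import hashlib
from typing import Dict

# Digests exactly as listed in the report above. The SHA512 value is split
# across two string literals purely for line length.
REPORT_DIGESTS: Dict[str, str] = {
    "md5": "06e45d2db3c52517fc7139b3b32a4742",
    "sha1": "602ab4e85c1506af02d51e144298bac3aea331ca",
    "sha256": "9500e0c5048bf63eeb3dee4c704ebd0f7ddc24902be50a9ef1dd0c0148546e0f",
    "sha512": "32e1131c14136721d872ea13736fe7041d8d7e09a1efac363a4bc1d29a9bcd4f"
              "cfc8e523cf689386a7e8fe67100194211a1ea9934f7fde5f241df77adcdb61bd",
}


def new_hashers() -> Dict[str, "hashlib._Hash"]:
    """One hasher per algorithm the report lists, so the data is read once."""
    return {name: hashlib.new(name) for name in REPORT_DIGESTS}


def digest_bytes(data: bytes) -> Dict[str, str]:
    """Compute every listed digest over an in-memory buffer."""
    hashers = new_hashers()
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Same as digest_bytes, but streams the file so large samples are not
    loaded into memory at once."""
    hashers = new_hashers()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare_to_report(digests: Dict[str, str],
                      report: Dict[str, str] = REPORT_DIGESTS) -> Dict[str, bool]:
    """Per-algorithm match table. Comparison is case-insensitive because
    threat-intel feeds mix upper- and lower-case hex."""
    return {name: digests.get(name, "").lower() == value.lower()
            for name, value in report.items()}


def is_reported_sample(digests: Dict[str, str],
                       report: Dict[str, str] = REPORT_DIGESTS) -> bool:
    """True only when every algorithm the report lists agrees; a missing
    algorithm counts as a mismatch rather than being skipped."""
    return all(compare_to_report(digests, report).values())


if __name__ == "__main__":
    import sys
    # Assumed invocation: python verify.py <path-to-sample>
    result = digest_file(sys.argv[1])
    for name, ok in compare_to_report(result).items():
        print(f"{name:6s} {'match' if ok else 'MISMATCH'} {result[name]}")
    print("sample matches report" if is_reported_sample(result) else "NOT the reported sample")
```

A partial match (say, MD5 agrees but SHA256 does not) should be treated as a mismatch: MD5 collisions are cheap to construct, so the function requires every listed algorithm to agree.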

Malware Config

Targets

    • Guloader,Cloudeye

      GuLoader (also tracked as CloudEyE) is a shellcode-based downloader first seen in 2020.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with its display window hidden.

    • Adds Run key to start application

      Writes a value under a registry Run key so the application is launched again at logon (persistence).

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

      Creates a thread with the hide-from-debugger creation flag, so a debugger attached to the process receives no events from it (anti-debugging).

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calls NtSetInformationThread with the ThreadHideFromDebugger information class on an existing thread, with the same effect (anti-debugging).

    • Suspicious use of SetThreadContext

      Rewrites a thread's register context, a step commonly used by process injection to redirect a thread into attacker-controlled code.
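Two of the behaviours listed above, the hidden PowerShell window and the Run-key persistence, leave traces in ordinary endpoint telemetry. The script below is an added example, not part of the original report or of the sandbox: it runs simple detection logic over constructed Sysmon-style events (EventID 1 for process creation, EventID 13 for registry value set). The events, the field names, the user-writable-path heuristic and the parent-process handling are all the example's own assumptions, chosen to imitate the report's signatures rather than taken from this sample's run.

```python
import re
from typing import Dict, Iterable, List

# Constructed Sysmon-style events. They imitate the behaviours the report
# lists; they are NOT events captured from this sample's sandbox run.
EVENTS: List[Dict[str, str]] = [
    {"EventID": "1",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -NoProfile -WindowStyle Hidden "
                    "-ExecutionPolicy Bypass -EncodedCommand AAAA",
     "ParentImage": r"C:\Users\user\AppData\Local\Temp\sample.exe"},
    {"EventID": "13",
     "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
                     r"\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\user\AppData\Roaming\Updater\updater.exe",
     "Image": r"C:\Users\user\AppData\Local\Temp\sample.exe"},
    {"EventID": "1",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe Get-Process",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": "13",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth",
     "Details": r"C:\Windows\System32\SecurityHealthSystray.exe",
     "Image": r"C:\Windows\System32\msiexec.exe"},
]

POWERSHELL_IMAGE = re.compile(r"(?:^|\\)(?:powershell|pwsh)\.exe$", re.IGNORECASE)
# powershell.exe accepts unique parameter prefixes, so "-w h" means
# "-WindowStyle Hidden"; match the abbreviated forms as well as the full one.
HIDDEN_WINDOW = re.compile(r"-w[a-z]*\s+h[a-z]*", re.IGNORECASE)
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\",
                     re.IGNORECASE)
# Directories a standard user can write to. A Run value pointing into one of
# them is the usual shape of commodity-malware persistence (heuristic; tune
# to the estate being monitored).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")


def hidden_powershell(ev: Dict[str, str]) -> bool:
    """Process creation of powershell.exe/pwsh.exe with a hidden window."""
    return (ev.get("EventID") == "1"
            and bool(POWERSHELL_IMAGE.search(ev.get("Image", "")))
            and bool(HIDDEN_WINDOW.search(ev.get("CommandLine", ""))))


def run_key_persistence(ev: Dict[str, str]) -> bool:
    """Registry value set under a Run/RunOnce key whose data points at a
    user-writable path. Run values that point into system directories are
    left for manual review instead of being alerted on."""
    if ev.get("EventID") != "13" or not RUN_KEY.search(ev.get("TargetObject", "")):
        return False
    details = ev.get("Details", "").lower()
    return any(marker in details for marker in USER_WRITABLE)


def triage(events: Iterable[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return one finding per matching event, tagged with the ATT&CK
    sub-technique it corresponds to."""
    findings: List[Dict[str, str]] = []
    for ev in events:
        if hidden_powershell(ev):
            findings.append({"technique": "T1059.001",
                             "note": "PowerShell launched with hidden window",
                             "image": ev.get("Image", ""),
                             "parent": ev.get("ParentImage", "")})
        if run_key_persistence(ev):
            findings.append({"technique": "T1547.001",
                             "note": "Run key value points at user-writable path",
                             "image": ev.get("Image", ""),
                             "target": ev.get("TargetObject", "")})
    return findings


if __name__ == "__main__":
    for finding in triage(EVENTS):
        print(finding)
```

The remaining three signatures (the two hide-from-debugger calls and SetThreadContext) are native API calls that process and registry event logs never record; they are visible only to an API monitor or a sandbox hook, which is why the script does not attempt to cover them.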

MITRE ATT&CK Enterprise v15