Resubmissions

11-07-2024 08:15

240711-j5trvaxekq 10

11-07-2024 08:02

240711-jw4wfszanh 7

General

  • Target

    1b6f709052fc57a3ade3bc9b5ba1f03f784aa321a9b9bfa79d8a05b57bb0b5cc.exe

  • Size

    512KB

  • Sample

    240711-j5trvaxekq

  • MD5

    2ce350ee947edcd74e4c1cc82e33a699

  • SHA1

    580342cdda916ae79ca216752f734f68435a95bd

  • SHA256

    1b6f709052fc57a3ade3bc9b5ba1f03f784aa321a9b9bfa79d8a05b57bb0b5cc

  • SHA512

    53fdebdb4d5ea08a36633a464e614e327e8423b4b77dc4a93e5d9662e16b806cf0b19816ffa3dbd68019a1f3df9f26b923cd3f2a6ab76fb4514296593bef7ea9

  • SSDEEP

    12288:m0ODu4jwB9gqHb6plub9f2/h7EzJVK6k4F6nxei9AnUMA9z:ma4jW9lHGpI5fwh7EzJVvCxekb
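Before working on a copy of this sample, confirm that the file on disk is the one the report describes. The Python helper below is an added example for this page, not part of the report or of the sandbox's own tooling: it parses the hash block above exactly as printed, reads a local file once, and compares every published digest. The report text is embedded as a string copied from the General section; the file path given on the command line is an assumption for illustration.

```python
"""Check a local copy of the sample against the hashes published in the report.

Added example for this page; it is not part of the report or of the sandbox's
own tooling. REPORT_HASHES is the General section above, copied as printed;
the file path passed on the command line is an assumption.
"""
import hashlib
import sys

# Hash block copied from the report's General section (labels and values on
# alternate lines, exactly as the page prints them).
REPORT_HASHES = """
MD5
2ce350ee947edcd74e4c1cc82e33a699
SHA1
580342cdda916ae79ca216752f734f68435a95bd
SHA256
1b6f709052fc57a3ade3bc9b5ba1f03f784aa321a9b9bfa79d8a05b57bb0b5cc
SHA512
53fdebdb4d5ea08a36633a464e614e327e8423b4b77dc4a93e5d9662e16b806cf0b19816ffa3dbd68019a1f3df9f26b923cd3f2a6ab76fb4514296593bef7ea9
"""

# Report label -> (hashlib name, expected hex length). A value of the wrong
# length is treated as a corrupt copy of the report rather than compared.
ALGORITHMS = {
    "MD5": ("md5", 32),
    "SHA1": ("sha1", 40),
    "SHA256": ("sha256", 64),
    "SHA512": ("sha512", 128),
}


def parse_report_hashes(text):
    """Return {label: hexdigest} for every recognised hash label in the block.

    Non-hash entries (Target, Size, Sample, SSDEEP) are skipped; a recognised
    label with a malformed value raises so a bad copy is never used as truth.
    """
    lines = [line.strip() for line in text.splitlines() if line.strip()]
    expected = {}
    for label, value in zip(lines, lines[1:]):
        key = label.upper()
        if key not in ALGORITHMS:
            continue
        _, length = ALGORITHMS[key]
        value = value.lower()
        if len(value) != length or any(c not in "0123456789abcdef" for c in value):
            raise ValueError(f"{key} value is not a {length}-char hex digest: {value!r}")
        expected[key] = value
    return expected


def compute_digests(chunks, labels):
    """Hash an iterable of byte chunks with every requested algorithm in one pass."""
    hashers = {label: hashlib.new(ALGORITHMS[label][0]) for label in labels}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {label: h.hexdigest() for label, h in hashers.items()}


def compare_digests(expected, actual):
    """Return {label: (expected, actual, matches)} for every digest in the report."""
    return {label: (exp, actual[label], exp == actual[label]) for label, exp in expected.items()}


def verify_file(path, report_text=REPORT_HASHES, chunk_size=1 << 20):
    """Read the file once and check it against the digests printed in the report."""
    expected = parse_report_hashes(report_text)
    with open(path, "rb") as f:
        actual = compute_digests(iter(lambda: f.read(chunk_size), b""), expected)
    return compare_digests(expected, actual)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit(f"usage: {sys.argv[0]} <sample.exe>")
    results = verify_file(sys.argv[1])
    for label, (exp, act, ok) in results.items():
        print(f"{label:7} {'OK ' if ok else 'BAD'} report={exp} file={act}")
    sys.exit(0 if all(ok for _, _, ok in results.values()) else 1)
```

The exit status makes the script usable as a gate in a triage pipeline: a non-zero exit means the file differs from the reported sample on at least one digest and should not be treated as this submission.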

Malware Config

Targets

    • Target

      1b6f709052fc57a3ade3bc9b5ba1f03f784aa321a9b9bfa79d8a05b57bb0b5cc.exe

    • Guloader,Cloudeye

      A shellcode-based downloader first seen in 2020.

    • UAC bypass

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks