General

  • Target

    Spares213mac.exe

  • Size

    560KB

  • Sample

    240711-yeb7fatdkg

  • MD5

    b2d14d37d8c8e7c8f7a7062675b3d49e

  • SHA1

    4d141b6ca30bce61dce3a97f96cf2b140cd2604e

  • SHA256

    3760f602fc5499e33e067a914934ae13bf25d81eb667f83efa9d2cec17a38cf9

  • SHA512

    abfb990b8e69bb7237831757fb0ee948b7a99a348c1d12bd006a4326c08bb869038dffdea32888b8cdbafebfc1aa7bad35b988f75aa226be496ec54570b8fc9e

  • SSDEEP

    12288:1mnpcpxAhGVRn8IiZeIznubRstXTcpnlj:1mn2TAhMnpDmuYXTQj

Score
10/10

Malware Config

Targets

    • Target

      Spares213mac.exe

    • Size

      560KB

    • MD5

      b2d14d37d8c8e7c8f7a7062675b3d49e

    • SHA1

      4d141b6ca30bce61dce3a97f96cf2b140cd2604e

    • SHA256

      3760f602fc5499e33e067a914934ae13bf25d81eb667f83efa9d2cec17a38cf9

    • SHA512

      abfb990b8e69bb7237831757fb0ee948b7a99a348c1d12bd006a4326c08bb869038dffdea32888b8cdbafebfc1aa7bad35b988f75aa226be496ec54570b8fc9e

    • SSDEEP

      12288:1mnpcpxAhGVRn8IiZeIznubRstXTcpnlj:1mn2TAhMnpDmuYXTQj

    Score
    10/10
    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      e23600029d1b09bdb1d422fb4e46f5a6

    • SHA1

      5d64a2f6a257a98a689a3db9a087a0fd5f180096

    • SHA256

      7342b73593b3aa1b15e3731bfb1afd1961802a5c66343bac9a2c737ee94f4e38

    • SHA512

      c971f513142633ce0e6ec6a04c754a286da8016563dab368c3fac83aef81fa3e9df1003c4b63d00a46351a9d18eaa7ae7645caef172e5e1d6e29123ab864e7ac

    • SSDEEP

      192:Vm9rQDenC9VrcK7REgSWOprANupQYLRszDDH/d9CWlXo7U6Wxf:QJQEaVAK7R9SfpjpQYLRszfH/d9CWB1j

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks