General

  • Target

    12072024_1034_11072024_FV-GDS3535353 ROVANJO Udtryksfulderes.7z

  • Size

    4KB

  • Sample

    240712-mmfn2szcnj

  • MD5

    1126f7aec2c8928649464da292c06eec

  • SHA1

    fbade0cb129da4d96c963320e81d1bed795f8e0f

  • SHA256

    e8461927d0dd3ce82be9acb94260a79e7b52ee46257a376e9d3b88eccbf640d1

  • SHA512

    1ede6f08bfe303d80136d637491fde827a4265f7b159db674513db4f034b91813e6c029c8b118ba0a35bfa08efad4c0f4ad11e5b7a5fcfe4d13eaff8da4469ee

  • SSDEEP

    96:ZSmzCZR1n80GcmbXwB3+j0LOjQJG5OLdPdX:5CJn82mkBa2OjP5OZB

Malware Config

Targets

    • Target

      FV-GDS3535353 ROVANJO Udtryksfulderes.bat

    • Size

      6KB

    • MD5

      60186cd9a2e82835bc143c1fb4662b7e

    • SHA1

      880c7f14743f9759b30bcc28085949122f54c20e

    • SHA256

      b66081b0e5dfe21e03d1043700d7c05e65bda96ad33a6370c374217d5ae84405

    • SHA512

      98ca66c502178601cf1d568fb4b5ef122564f548eae2c82c9979207ea69398212f2b35571f3cc0696ec9edb70174a016c00ddd12fc26140d63196188e6f0f8b7

    • SSDEEP

      192:jOJVeUYLAKLt+IS0y+80TJco4Ga5y0p8te:QeAKZZS280FL3aw0aE

    • GuLoader, CloudEyE

      A shellcode-based downloader, first seen in 2020.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with its display window hidden.

    • Adds Run key to start application

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
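The six behaviour signatures above are what a sandbox derives from process, registry and syscall events. The script below is an added example (not the sandbox's own detection code, and not part of the original report) that re-implements each of them as a predicate over a constructed event stream shaped like the .bat to hidden-PowerShell chain the report lists. The event schema, the network blocklist and the ATT&CK mapping are assumptions made for the example; the NT constants (`ThreadHideFromDebugger` = 0x11, `THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER` = 0x4) are the real values.

```python
"""Re-implementation of the report's behaviour signatures over a constructed sandbox
event stream. Added example, not the sandbox's own code; the event schema (dicts with
'type', 'pid', ...) and NETWORK_BLOCKLIST are assumptions."""
import re

# NT constants behind the two anti-debugging signatures (values from winternl.h / ntddk.h).
THREAD_HIDE_FROM_DEBUGGER = 0x11              # THREADINFOCLASS: ThreadHideFromDebugger
THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER = 0x4  # NtCreateThreadEx CreateFlags bit

# Images whose outbound connections count as "Blocklisted process makes network request".
# The sandbox's real list is not on the page; this set is an assumption.
NETWORK_BLOCKLIST = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?(\\|$)", re.IGNORECASE)
HIDDEN_WINDOW_RE = re.compile(r"(?:^|\s)[-/](?:w|win|windowstyle)\s+hidden(?:\s|$)", re.IGNORECASE)

def image_name(path):
    """Basename of an image path, lower-cased, tolerant of either slash."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def sig_hidden_powershell(ev, procs):
    return (ev["type"] == "process"
            and image_name(ev["image"]) in {"powershell.exe", "pwsh.exe"}
            and HIDDEN_WINDOW_RE.search(ev.get("cmdline", "")) is not None)

def sig_run_key(ev, procs):
    return (ev["type"] == "registry" and ev.get("op") in ("set", "create")
            and RUN_KEY_RE.search(ev.get("key", "")) is not None)

def sig_hide_from_debugger_set(ev, procs):
    return (ev["type"] == "syscall" and ev["name"] == "NtSetInformationThread"
            and ev.get("info_class") == THREAD_HIDE_FROM_DEBUGGER)

def sig_hide_from_debugger_create(ev, procs):
    return (ev["type"] == "syscall" and ev["name"] == "NtCreateThreadEx"
            and bool(ev.get("create_flags", 0) & THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER))

def sig_set_thread_context(ev, procs):
    # Cross-process SetThreadContext is the hollowing/injection shape; same-process use
    # is common in legitimate code, so this example only flags a different target_pid.
    return (ev["type"] == "syscall" and ev["name"] in ("SetThreadContext", "NtSetContextThread")
            and ev.get("target_pid") not in (None, ev.get("pid")))

def sig_blocklisted_network(ev, procs):
    return (ev["type"] == "network"
            and image_name(procs.get(ev.get("pid"), "")) in NETWORK_BLOCKLIST)

SIGNATURES = {
    "Blocklisted process makes network request": sig_blocklisted_network,
    "Command and Scripting Interpreter: PowerShell": sig_hidden_powershell,
    "Adds Run key to start application": sig_run_key,
    "Suspicious use of NtCreateThreadExHideFromDebugger": sig_hide_from_debugger_create,
    "Suspicious use of NtSetInformationThreadHideFromDebugger": sig_hide_from_debugger_set,
    "Suspicious use of SetThreadContext": sig_set_thread_context,
}

# ATT&CK mapping is my reading of these behaviours, not taken from the page.
ATTACK = {
    "Command and Scripting Interpreter: PowerShell": "T1059.001",
    "Adds Run key to start application": "T1547.001",
    "Suspicious use of NtCreateThreadExHideFromDebugger": "T1622",
    "Suspicious use of NtSetInformationThreadHideFromDebugger": "T1622",
    "Suspicious use of SetThreadContext": "T1055",
}

def match_signatures(events):
    """Return {signature name: [event indices]} for every signature that fired."""
    procs = {ev["pid"]: ev["image"] for ev in events if ev["type"] == "process"}
    hits = {}
    for i, ev in enumerate(events):
        for name, check in SIGNATURES.items():
            if check(ev, procs):
                hits.setdefault(name, []).append(i)
    return hits

def attack_techniques(hits):
    return sorted({ATTACK[n] for n in hits if n in ATTACK})

# Constructed event stream (not captured from the sample) mimicking the listed chain.
EVENTS = [
    {"type": "process", "pid": 1204, "image": "C:\\Windows\\System32\\cmd.exe",
     "cmdline": 'cmd.exe /c "FV-GDS3535353 ROVANJO Udtryksfulderes.bat"'},
    {"type": "process", "pid": 1316, "ppid": 1204,
     "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "cmdline": "powershell.exe -WindowStyle Hidden -ExecutionPolicy Bypass -File stage2.ps1"},
    {"type": "registry", "pid": 1316, "op": "set",
     "key": "HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", "value": "Udtryksfulderes"},
    {"type": "syscall", "pid": 1316, "name": "NtSetInformationThread", "info_class": 0x11},
    {"type": "syscall", "pid": 1316, "name": "NtCreateThreadEx", "create_flags": 0x4},
    {"type": "syscall", "pid": 1316, "name": "SetThreadContext", "target_pid": 1440},
    {"type": "network", "pid": 1316, "dest": "203.0.113.10:443"},
    {"type": "registry", "pid": 1316, "op": "set",  # benign key: must not fire
     "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced", "value": "Hidden"},
]

if __name__ == "__main__":
    hits = match_signatures(EVENTS)
    for name, idx in hits.items():
        print(f"{name}: events {idx}")
    print("ATT&CK:", attack_techniques(hits))
```

Each predicate is deliberately narrow: the Run-key check anchors on the exact `CurrentVersion\Run` / `RunOnce` path so `RunServices` or Explorer subkeys do not fire, and the hidden-window check only accepts `-w`, `-win` and `-WindowStyle` followed by `hidden`, which is the form the signature text describes. A real sandbox would also resolve thread handles to their owning process before judging SetThreadContext; here the event is assumed to carry `target_pid` already.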

MITRE ATT&CK Enterprise v15

Tasks