General

  • Target

    15072024_1342_15072024_purchase_order_catalog_doc_NVT0046701572024000000000000.7z

  • Size

    52KB

  • Sample

    240715-qzrhvstarr

  • MD5

    50e02fcad444a558fdba9fda3edcf725

  • SHA1

    720e442360d1a0e6a4a6c8b3a6bea83495e97067

  • SHA256

    a59ae18cb9e2ecae687727172ae9758dcebf681f2cd42b30e9e3339bd36f293d

  • SHA512

    cf58f0b6f9b383237cb2721e8a102debac0e338e16cbf5c8d80dccd3dd6292672ca312e294119164d190f6bfc692e9dd08b15a6c710f0626abc5070c5e08334d

  • SSDEEP

    1536:+zG0k+AfheZ5TuY4mfBQUrlTQ1kJeL00h:r0kv45mmfBJpM4eLN

Malware Config

Targets

    • Target

      purchase_order_catalog_doc_NVT0046701572024000000000000.vbs

    • Size

      102KB

    • MD5

      b32dfae3d2d315e7e01cbc8b201edb03

    • SHA1

      e26682cb8ba975eb9bf771373230ceccdaf6667c

    • SHA256

      da99bc4d4c3f45804afb8abcb8b72d9edaaa69cbfd08f8dde15bde2916afb487

    • SHA512

      f855609cd66229b251b5e46d87a760a9f402e2b624fca56e4f2f6dc4f4d9f6a0ceb4444561b5b2cedceedaa1f17bd7665008e9d2e8ee72603d38ea65622e858a

    • SSDEEP

      3072:B4oGKaBSPReHzR0WAjT28fyxa+CS64B9Ou4rIQCtv7JMEdMiRRGxQj:Wt7SPReHd0WoT28faa+CS64mu8IQCtv1

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks