General

  • Target

    06082024_0329_06082024_SKTGHRO77395797593759737593759375793753957Slummet55 (1).7z

  • Size

    427KB

  • Sample

    240806-d1wgzsscre

  • MD5

    ebdd938b677dc88abfb6730cb0f0ae51

  • SHA1

    331e22c2b693e4cd50b1fe53a923792dea88ea84

  • SHA256

    e6341a92ab49bc2e926416dbe3429a5e96a6771effc4ab224ea0c1785df848fa

  • SHA512

    b1569f5e3867599660d07ad02a1e7a577d3dafc1ee5bb2d11454fcbf4495d68c1f87713ee6515a3527468afeb8e9bf22942db8c276dc33102f1fce5202a802ec

  • SSDEEP

    12288:MdRj36Xww9yFeamFFmsvkkuhSjATUphZhdjiNY:oYSeamFMsvhfjATUphzdX

Malware Config

Targets

    • Target

      SKTGHRO77395797593759737593759375793753957Slummet55.exe

    • Size

      481KB

    • MD5

      6304403095a696f2c74a7e022ee18af6

    • SHA1

      a69d59aab5a94699ce0e5dea6304cb031f8d7c79

    • SHA256

      0a5611401f99d5b7ce0b7d1e13bda3e0e908abb487987c1c7d3d667f3c4c4e16

    • SHA512

      0d78df6576c24326fbd220bf7a116b52ceb57c6f1d86025c6b58b3c6e9de0b6a4cd79947a5aa59468033e45860eeebc6400c7704caa81911f24a8b79acf49c79

    • SSDEEP

      12288:FY1nHGrmqu9HZS05uwGStaQ5Y7JJRMgTAUdey43gqt5R:FY5HGrmqoMfwN5Y7JJA/35

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with its display window hidden.

    • Loads dropped DLL

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks