General
-
Target
pko_trans_details_20240909_105339·pdf.vbs
-
Size
34KB
-
Sample
240909-hqwgfsyeka
-
MD5
f47be72a96dd07190c9636231654dfe5
-
SHA1
b0f23fa8a4669111d04e442e81888330f76b5689
-
SHA256
8317fc4b7eb8d40478a79de9fc539469ab5b2904822894ac6eee27f7cf9e6ce9
-
SHA512
a739b342622f6949f3238b18b8c51ecbddfa61ddd6d2b18b83bff9f9b72a9c9774aca871f547ace1d41a123d756e3498babd6eb42d9b4e42f3c32e2ec91bdc56
-
SSDEEP
192:oM+q8B50G4urQDIN9+H27uci5akloQROGHb0m1f8uk2R6Ct9gpCIHOmJTmFLauQ:l8Lv4urQ89mAu9YzafAGk2RnyYBPTQ
Static task
static1
Behavioral task
behavioral1
Sample
pko_trans_details_20240909_105339·pdf.vbs
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
pko_trans_details_20240909_105339·pdf.vbs
Resource
win10v2004-20240802-en
Malware Config
Targets
Target
pko_trans_details_20240909_105339·pdf.vbs
Score
10/10
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-