General

  • Target

    19092024_0631_Faktura_7122128240�pdf.zip

  • Size

    3KB

  • Sample

    240919-hahwesvfja

  • MD5

    87dba2196842d8063df92b773f37e5d0

  • SHA1

    a55394b2ea46b8e8b3360622e6de4a36fe60aa28

  • SHA256

    ffc1579f33a8d76210bd5303172199b3e2c938a5e6e969b9e54c38e10b4158e6

  • SHA512

    d9abdfede5f980e550353b46dcce57375ee2a9733040935ebd4f2cfc3ed1408ab5bc8d5698cc491473c0f29f3c7cf029517c0062d28c9f93bfd1b4647807f0b4

Malware Config

Targets

    • Target

      Faktura_7122128240·pdf.vbs

    • Size

      7KB

    • MD5

      cc6e41e0786764096a50057a3743e7c6

    • SHA1

      2493a1410d91a8084249ef9f0b3e7aa885ddef5d

    • SHA256

      7e4a39824d8b86485d45a17ebd90a40e02a356a6a3457574303853decb61e09d

    • SHA512

      5bfe75eb2661459a1073348cfadb64ced142baae9ff54fcd7a8733ae7ffc750f9ab41f2e1415ed275c7ec9f33257a7201bf0e5881ff0d26c2eac644c04aee38c

    • SSDEEP

      96:lmXU2FvaJR+t7tVQm+83tkD3J8j0dEvOItsLQWSK+PtevdOYPmCVUbtCpgjPVHQv:lmk2VaJeXj0exCnItmd/Pml9jPp4jQYB

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15