General
-
Target
Számla_401337541·pdf.vbe
-
Size
33KB
-
Sample
240920-hdggrstanh
-
MD5
950b71673a30da7ed2a70a52e0ecd4c8
-
SHA1
af77d38a98cde619cbf78ccbc0cc461056fa6777
-
SHA256
cdf03929a99118cce8ce372a8df7aabb81d5dfbbfd581c95096a093afaf67576
-
SHA512
4abdc6e77ae0a34a219ac53cc856898f74f27a19277d96ec9efacced6cdffc9d507dd9d4cd51e5c26f0b7467008c7fb4508e44bde0cddc8c47d2ccc578ed776b
-
SSDEEP
384:Z9vOg3/pDa98sWqazEVHhDa5+JyhfPgLLzCPrKEKnTlzZdv3tD8d5V:Zp3/I9VvTyVPSLGrKEwpjpob
Malware Config
Targets
-
-
Target
Számla_401337541·pdf.vbe
-
Size
33KB
-
MD5
950b71673a30da7ed2a70a52e0ecd4c8
-
SHA1
af77d38a98cde619cbf78ccbc0cc461056fa6777
-
SHA256
cdf03929a99118cce8ce372a8df7aabb81d5dfbbfd581c95096a093afaf67576
-
SHA512
4abdc6e77ae0a34a219ac53cc856898f74f27a19277d96ec9efacced6cdffc9d507dd9d4cd51e5c26f0b7467008c7fb4508e44bde0cddc8c47d2ccc578ed776b
-
SSDEEP
384:Z9vOg3/pDa98sWqazEVHhDa5+JyhfPgLLzCPrKEKnTlzZdv3tD8d5V:Zp3/I9VvTyVPSLGrKEwpjpob
Score10/10-
Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Legitimate hosting services abused for malware hosting/C2
-
Network Service Discovery
Attempt to gather information on host's network.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-