General

  • Target: 792cd4f9febcffde3a8f0e4ae8e012f7f2d78ef5c42f7c801e651e0a6680ee37

  • Size: 10KB

  • Sample: 240923-nz36jswark

  • MD5: 8ed741c4660ce06675fc96290792b396

  • SHA1: bcd6997135a40f1ebdb74d7683e8ae2467718758

  • SHA256: 792cd4f9febcffde3a8f0e4ae8e012f7f2d78ef5c42f7c801e651e0a6680ee37

  • SHA512: 2b6e07c1c595d27867cd292f138292b4edfa6a0c2008d3d631b00cb0c82b9d1b69392505178613748a5cfaedbfccad0c23c1ba62b7729ddde13931da4c6bdb80

  • SSDEEP: 192:npcTn/Ahm8A1/RqYwMcwO4Gs8luTYtP1Fae2HjOUmlejJwQLeRcz6JG16js750:8wq/YZMcl4GfluTe1Fx2SUnjGQLeKjHW

Malware Config

Targets

    • Target: Factura Digi_49875444·pdf.vbs

    • Size: 33KB

    • MD5: 23a871278b8175dff3c51ea64e258d87

    • SHA1: 099366ae409ea0908fbb3facf931028289e48e78

    • SHA256: a860af9a977d8fc6ad99942d066df0d8ca618c449eb3a3190fc3d49d6755ef17

    • SHA512: ce7ebf6cb316057556ebaf77de487985ee566fae67a788db6351b091c43a0af5cdab34bde1c8e242ce81c971b39f83c8bcb98d8fe02a12f36e1b14ddfa80e8e9

    • SSDEEP: 384:3k7jqtTDo8r1VebE3KUOOpJWUvZil1pFz:U7mTU8ribNoQUvA1ph

    • Guloader, Cloudeye: a shellcode-based downloader first seen in 2020.

    • Blocklisted process makes network request

    • Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks