Overview

overview

10

Static

static

3

RFQ.exe

windows7-x64

10

RFQ.exe

windows10-2004-x64

4

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    RFQ.exe

  • Size

    671KB

  • Sample

    240923-psxwmazeph

  • MD5

    2e59c7961eabc8d79c3ab14cb31265ac

  • SHA1

    876dcba192ce05586f61cf36a89331a32b1f0731

  • SHA256

    8da5d531256d55bde006c357a260e4b4bc1daf904dbef15193a2884056679db8

  • SHA512

    6c3a295bf76c2af30b4feda03e798e584992edf0843b113adb6053bf454a2b7d7f5d5e8f864fa61baedebf4215421d93b7b252d8bd8f4d8a83b1db71ce7f9eb7

  • SSDEEP

    12288:6yHBw65KQM9PR8hcQfHsPogG7WvS4aGEllLHeyhF1umF:dHC6FM9PjQfMPtGKvS4aGYL+yhF1umF

Score
10/10
guloaderdiscoverydownloader

Malware Config

Targets

    • Target

      RFQ.exe

    • Size

      671KB

    • MD5

      2e59c7961eabc8d79c3ab14cb31265ac

    • SHA1

      876dcba192ce05586f61cf36a89331a32b1f0731

    • SHA256

      8da5d531256d55bde006c357a260e4b4bc1daf904dbef15193a2884056679db8

    • SHA512

      6c3a295bf76c2af30b4feda03e798e584992edf0843b113adb6053bf454a2b7d7f5d5e8f864fa61baedebf4215421d93b7b252d8bd8f4d8a83b1db71ce7f9eb7

    • SSDEEP

      12288:6yHBw65KQM9PR8hcQfHsPogG7WvS4aGEllLHeyhF1umF:dHC6FM9PjQfMPtGKvS4aGYL+yhF1umF

    Score
    10/10
    guloaderdiscoverydownloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Loads dropped DLL

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      cf85183b87314359488b850f9e97a698

    • SHA1

      6b6c790037eec7ebea4d05590359cb4473f19aea

    • SHA256

      3b6a5cb2a3c091814fce297c04fb677f72732fb21615102c62a195fdc2e7dfac

    • SHA512

      fe484b3fc89aeed3a6b71b90b90ea11a787697e56be3077154b6ddc2646850f6c38589ed422ff792e391638a80a778d33f22e891e76b5d65896c6fb4696a2c3b

    • SSDEEP

      96:3IsUxO9udx4qYp7AJb76BykUbQMtHUOA5Iv+RnsrqeXV+d1g2IW9t2c+cEwF9oug:YVL7ikJb76BQUoUm+RnyXVYO2RvHoug

    Score
    3/10
    discovery
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks