General

  • Target

    SIGN_23930581750·pdf.vbs

  • Size

    32KB

  • Sample

    240924-e3nqlaxare

  • MD5

    e198fb2a66ebacac2d2a06c6d39b578c

  • SHA1

    ac1353658fffdfba77beaa6ce1c42254ba02346f

  • SHA256

    ba44e394e0d9dc4fe9d15a2297f8ecbc3affb80100003b5c57898269261b311b

  • SHA512

    4c28d4eee277d495d2596eeab0841933ac84f5f72b12f64d9281b4023f7e9c32f22d2368bb634252fdcac4f2b79b5cfe32cdbff015f4dc8a2c6f6acdb1317fe5

  • SSDEEP

    384:3PA0Xp74bQBupq5CMat1f9wxdaW+e9FfXpcHIBSi8g:/bFsq5CHePaWB9FfXp9Si8g

Targets

    • Target

      SIGN_23930581750·pdf.vbs

    • Size

      32KB

    • MD5

      e198fb2a66ebacac2d2a06c6d39b578c

    • SHA1

      ac1353658fffdfba77beaa6ce1c42254ba02346f

    • SHA256

      ba44e394e0d9dc4fe9d15a2297f8ecbc3affb80100003b5c57898269261b311b

    • SHA512

      4c28d4eee277d495d2596eeab0841933ac84f5f72b12f64d9281b4023f7e9c32f22d2368bb634252fdcac4f2b79b5cfe32cdbff015f4dc8a2c6f6acdb1317fe5

    • SSDEEP

      384:3PA0Xp74bQBupq5CMat1f9wxdaW+e9FfXpcHIBSi8g:/bFsq5CHePaWB9FfXp9Si8g

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
