Overview

overview

10

Static

static

3

z65orderre...at.exe

windows7-x64

10

z65orderre...at.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    z65orderrequest.bat.exe

  • Size

    787KB

  • Sample

    240925-k1622szdkc

  • MD5

    2a58425293da7dfb6b538be1a0938ae0

  • SHA1

    f0c77f6e7b0aa956a69781cee03f178993c6b2b4

  • SHA256

    1c93a68eefd2ba3fc952de91d44a3e95321819e0977ecd5e7dfb33ea47bfb052

  • SHA512

    a520036a55b9cb63a9e5d1665378d6bf1f4c6922b1c8302e1e696c1d7e1e11d166d173435a8bf33a0c1f05826dee1e061d4d110459037c156cba29294d18f9ad

  • SSDEEP

    12288:ZtSfgqcOZxX5BgvFnV6IBRudkPIUqMzABEcdmBIG8991x2HqMqFK1yoI:LSfgeXIvXDlI4wEcsBIFxwqFK1yoI

Score
10/10
guloaderdiscoverydownloaderexecutionpersistence

Malware Config

Targets

    • Target

      z65orderrequest.bat.exe

    • Size

      787KB

    • MD5

      2a58425293da7dfb6b538be1a0938ae0

    • SHA1

      f0c77f6e7b0aa956a69781cee03f178993c6b2b4

    • SHA256

      1c93a68eefd2ba3fc952de91d44a3e95321819e0977ecd5e7dfb33ea47bfb052

    • SHA512

      a520036a55b9cb63a9e5d1665378d6bf1f4c6922b1c8302e1e696c1d7e1e11d166d173435a8bf33a0c1f05826dee1e061d4d110459037c156cba29294d18f9ad

    • SSDEEP

      12288:ZtSfgqcOZxX5BgvFnV6IBRudkPIUqMzABEcdmBIG8991x2HqMqFK1yoI:LSfgeXIvXDlI4wEcsBIFxwqFK1yoI

    Score
    10/10
    guloaderdiscoverydownloaderexecutionpersistence

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Adds Run key to start application

      persistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks