General

  • Target

    Zeskanowana lista przedmiotów nr 84329.7z

  • Size

    740KB

  • Sample

    240925-n4rnbaxdje

  • MD5

    1febf6e7d87fc99784b24d226d89a7f5

  • SHA1

    a3e607e82ceac7f8a19d2ad687ccd637808da4a0

  • SHA256

    1268183fd0713f57728aa7cacd66edce14a8c08bacf14c5822dff0906020a88e

  • SHA512

    1489011e29eb8dd477502a0007bb6350f935c0a6bbcb041a75236b5eeb620f536dc18859e488282116605cf6b961c5eab3204d7dca4b442d380bc126a11304d1

  • SSDEEP

    12288:9ng8ZEZr/hCJaInA1uOli8hxL1mEouaCJJjdPmbG8SS3G+Y12jRjN+ZFJRfmBY0:JjR5nA8Yx5mEoudPmq8jY1sj4zrfw

Malware Config

Targets

    • Target

      Zeskanowana lista przedmiotów nr 84329.vbs

    • Size

      1.2MB

    • MD5

      66ccc86e92b90555bef9ec7f4281cc8b

    • SHA1

      8ef7f0bec3beb48df154b350cae7729df9e3cb74

    • SHA256

      6e435f3a080733d5733beb10fd0d45f8530f9f5ebf8367ff1b4daf56d0106dc3

    • SHA512

      89d225f726add2f44a33a8dd85ceb89a2fd6e526586e079ad62247659766337367888376f0d44b1eb936103ca0d499a59c6fb11a3aeb9fe3e60e7c72ed218b2e

    • SSDEEP

      24576:aYQfEcXSFMuTGp2jdvB8S+QrShBYxfcFme3Frt0yOL09jFxzUA8cP51Xq:AccYMx7h6kuQq

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks