General
-
Target
f104572d09f9f2cbec6f95cd5dbb676804216ce5ae3f35cff1582a35a4849238.vbe
-
Size
26KB
-
Sample
240926-c5cd8swbme
-
MD5
e11bbc8cee5056167a63bcef0fe84e4d
-
SHA1
3e918da8f1b5470bb595a6b0b547cbcd027f7092
-
SHA256
f104572d09f9f2cbec6f95cd5dbb676804216ce5ae3f35cff1582a35a4849238
-
SHA512
9c408ac208f0afcb9d9c2ed8a6f4087e7e72585757a2969905dd31c20481905d2cbfde067b43242100bc2b70c10e8d3fb1e400d0cf47281c9dd1eb1ce1f6d2fc
-
SSDEEP
384:3ydPCgpjudNX1kAfBmtAKNaZQZVNiBW3R:idPZp6dzkAf0t3ag/iBW3R
Malware Config
Targets
-
-
Target
f104572d09f9f2cbec6f95cd5dbb676804216ce5ae3f35cff1582a35a4849238.vbe
-
Size
26KB
-
MD5
e11bbc8cee5056167a63bcef0fe84e4d
-
SHA1
3e918da8f1b5470bb595a6b0b547cbcd027f7092
-
SHA256
f104572d09f9f2cbec6f95cd5dbb676804216ce5ae3f35cff1582a35a4849238
-
SHA512
9c408ac208f0afcb9d9c2ed8a6f4087e7e72585757a2969905dd31c20481905d2cbfde067b43242100bc2b70c10e8d3fb1e400d0cf47281c9dd1eb1ce1f6d2fc
-
SSDEEP
384:3ydPCgpjudNX1kAfBmtAKNaZQZVNiBW3R:idPZp6dzkAf0t3ag/iBW3R
Score10/10-
Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Legitimate hosting services abused for malware hosting/C2
-
Network Service Discovery
Attempt to gather information on host's network.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-