Overview

overview

10

Static

static

3

rpedido-002297.exe

windows7-x64

10

rpedido-002297.exe

windows10-2004-x64

10

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    rpedido-002297.exe

  • Size

    555KB

  • Sample

    241003-th2jaatfll

  • MD5

    e7b674773e7c72426b2bcc90a9c1e299

  • SHA1

    174323edc68682341dd312095cefaa2c6680de24

  • SHA256

    643a505fefdbf1f0fa9915550a75b2b739aba1683858f92f332c9585c838690d

  • SHA512

    88775e285072fd73cc42eb162b30f81197830befe7751529b4dc3a4d021571a17b90323805236149683097850916cc534205467ed0f584f67cb79b029f771ddb

  • SSDEEP

    12288:TaIq2S5iC8dHsPeOXHO80cE6PU2dLkbdG0A:WrJ8MLXHO8ZE6PU4IdGb

Score
10/10
guloaderdiscoverydownloader

Malware Config

Targets

    • Target

      rpedido-002297.exe

    • Size

      555KB

    • MD5

      e7b674773e7c72426b2bcc90a9c1e299

    • SHA1

      174323edc68682341dd312095cefaa2c6680de24

    • SHA256

      643a505fefdbf1f0fa9915550a75b2b739aba1683858f92f332c9585c838690d

    • SHA512

      88775e285072fd73cc42eb162b30f81197830befe7751529b4dc3a4d021571a17b90323805236149683097850916cc534205467ed0f584f67cb79b029f771ddb

    • SSDEEP

      12288:TaIq2S5iC8dHsPeOXHO80cE6PU2dLkbdG0A:WrJ8MLXHO8ZE6PU4IdGb

    Score
    10/10
    guloaderdiscoverydownloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      8b3830b9dbf87f84ddd3b26645fed3a0

    • SHA1

      223bef1f19e644a610a0877d01eadc9e28299509

    • SHA256

      f004c568d305cd95edbd704166fcd2849d395b595dff814bcc2012693527ac37

    • SHA512

      d13cfd98db5ca8dc9c15723eee0e7454975078a776bce26247228be4603a0217e166058ebadc68090afe988862b7514cb8cb84de13b3de35737412a6f0a8ac03

    • SSDEEP

      192:ex24sihno00Wfl97nH6BenXwWobpWBTtvShJ5omi7dJWjOlESlS:h8QIl972eXqlWBFSt273YOlEz

    Score
    3/10
    discovery
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks