General

  • Target

    Modregninger.exe

  • Size

    600KB

  • Sample

    241007-yqfn1awelb

  • MD5

    41b7102695b71b483617e5817576e6ea

  • SHA1

    911f170a3fdcaf086141e9bbe811cb4d15f59b51

  • SHA256

    16b2e1bd0d733a94f7547fd4b7c15ea3ed5d9978c611fe805199f920dda3dc61

  • SHA512

    9e08b3b3437ec0106f809322de2e538f2d0defe934ae04815c2f6fdd23272b9b9498f7b565372dbe16769234441a6d2a6711c4ce90f7b9ee08f97347fbd0abd8

  • SSDEEP

    12288:/22t93y7NMalZE1lbwLCnPLPr30IRiMj906OL:/22tZEFZE1lbwLgPLr3Q6O

Malware Config

Targets

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks