Overview

overview

10

Static

static

3

Fredskorps102.exe

windows7-x64

10

Fredskorps102.exe

windows10-2004-x64

10

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Fredskorps102.exe

  • Size

    798KB

  • Sample

    241008-tdfe9atfmq

  • MD5

    e9b0955c25a1c27f35cd5107cbf1ccbe

  • SHA1

    b9bf0e900b466943c51fc699f32da0f2252a20c2

  • SHA256

    093d0eb173b4ced016c4fc7171322b7034c6a4346d6aae204dceeb8ed7e24106

  • SHA512

    50d3e58ca7b9aab787abab6214fdc650e3950f17bb2d39ed0a87ae9c666ff94696b81a67a1c4b4d9da776731cdfe2757089ddce7470f1821a8ad63a7916f1475

  • SSDEEP

    12288:A5WxQI/FYodPIwxso6YF/K8MIwlJ81XK1dggHjaWgGUVjJICMrdz0MeJa:AoxQItnPPDlK8o11d9+WgGUxJ+dze

Score
10/10
guloaderdiscoverydownloader

Malware Config

Targets

    • Target

      Fredskorps102.exe

    • Size

      798KB

    • MD5

      e9b0955c25a1c27f35cd5107cbf1ccbe

    • SHA1

      b9bf0e900b466943c51fc699f32da0f2252a20c2

    • SHA256

      093d0eb173b4ced016c4fc7171322b7034c6a4346d6aae204dceeb8ed7e24106

    • SHA512

      50d3e58ca7b9aab787abab6214fdc650e3950f17bb2d39ed0a87ae9c666ff94696b81a67a1c4b4d9da776731cdfe2757089ddce7470f1821a8ad63a7916f1475

    • SSDEEP

      12288:A5WxQI/FYodPIwxso6YF/K8MIwlJ81XK1dggHjaWgGUVjJICMrdz0MeJa:AoxQItnPPDlK8o11d9+WgGUxJ+dze

    Score
    10/10
    guloaderdiscoverydownloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      e23600029d1b09bdb1d422fb4e46f5a6

    • SHA1

      5d64a2f6a257a98a689a3db9a087a0fd5f180096

    • SHA256

      7342b73593b3aa1b15e3731bfb1afd1961802a5c66343bac9a2c737ee94f4e38

    • SHA512

      c971f513142633ce0e6ec6a04c754a286da8016563dab368c3fac83aef81fa3e9df1003c4b63d00a46351a9d18eaa7ae7645caef172e5e1d6e29123ab864e7ac

    • SSDEEP

      192:Vm9rQDenC9VrcK7REgSWOprANupQYLRszDDH/d9CWlXo7U6Wxf:QJQEaVAK7R9SfpjpQYLRszfH/d9CWB1j

    Score
    3/10
    discovery
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks