Overview

overview

10

Static

static

3

Dannebrogsordnen.exe

windows10-2004-x64

10

Dannebrogsordnen.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Dannebrogsordnen.exe

  • Size

    708KB

  • Sample

    241017-yeq1laseqf

  • MD5

    f259324bd799aa19142a7aadce371900

  • SHA1

    5c977b560c2aa6e7e016388c8c5737688ba8016f

  • SHA256

    59c46bca7b151554f067bb4a5bad03c984db9d1d2eda59124495f399741e7897

  • SHA512

    539d881b45e98433868c2ed2be341af04987af2736e47b6160dcd30d3bbe7e57f7c54e2db539b238bdbc0f7ce1860620e5d2791b5b8ff38ae978ed1bff0e4d5b

  • SSDEEP

    12288:grgjBLiIK2WVy/YqpupTj+aRIGvVg8LYCI2ugcY97FB95ByrhXmmwMRzcLSIHp:g0jBiIK2R/5pupbIGu0Y7ncr2XjZcWIJ

Score
10/10
guloaderdiscoverydownloader

Malware Config

Targets

    • Target

      Dannebrogsordnen.exe

    • Size

      708KB

    • MD5

      f259324bd799aa19142a7aadce371900

    • SHA1

      5c977b560c2aa6e7e016388c8c5737688ba8016f

    • SHA256

      59c46bca7b151554f067bb4a5bad03c984db9d1d2eda59124495f399741e7897

    • SHA512

      539d881b45e98433868c2ed2be341af04987af2736e47b6160dcd30d3bbe7e57f7c54e2db539b238bdbc0f7ce1860620e5d2791b5b8ff38ae978ed1bff0e4d5b

    • SSDEEP

      12288:grgjBLiIK2WVy/YqpupTj+aRIGvVg8LYCI2ugcY97FB95ByrhXmmwMRzcLSIHp:g0jBiIK2R/5pupbIGu0Y7ncr2XjZcWIJ

    Score
    10/10
    guloaderdiscoverydownloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks