General

  • Target

    22102024_1637_22102024_factura.rar

  • Size

    517KB

  • Sample

    241022-t4xr8avbrc

  • MD5

    aa95b8dce0cab17377d6bfa3fcc4fd20

  • SHA1

    95d25cc7e38e384c184a972485477c4b237085cb

  • SHA256

    28d29ff8363e71797bd687b5d42b715633e42ce76f4649c7ae68f5a229a36ac9

  • SHA512

    1205a97578272981eac837d62871a25bc9b8f009a7c9a4fdefd33a26a0e85f7092d7b673c9ef98657b742a92b47089b6e5eefbe9dba07bcc9436b936fe8b9d5e

  • SSDEEP

    12288:YjX6n3doaMyyJR272qeTx2MD4SkEc4aOSM0sjvjD9fyvyGuZm3yVL:YjX6n3doeyJUi58SkEQOH0sjX9kyGM0q

Malware Config

Targets

    • Target

      Gansa.exe

    • Size

      529KB

    • MD5

      8ef9b2c45f53d18d18a7da795d5a6a50

    • SHA1

      353bb94c823123080c9c06e2f05fdd2fc5dd9b77

    • SHA256

      8602f2a77c0f0829d49f4ad809b8edf2dc3f86d89cf067e02718edda51ef0ab0

    • SHA512

      af3afdcbb1521088a2e8b4cb30b16cd9fa97cb1a61ea4bcf8c1ae5cf55cb6a0c66c5ce0f6b95d40d5bcc0173586a65f4186aedcf9d7c0a4e3dd6332b0676572c

    • SSDEEP

      12288:DMSfP91E/UwWb8FKQBmuipC4HKzvgmBQ6Ds+ZHmkHN3HiPCpfBVx:ISN1UFWgFKQXi9HKZ2eHnHpHiwV

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      cf85183b87314359488b850f9e97a698

    • SHA1

      6b6c790037eec7ebea4d05590359cb4473f19aea

    • SHA256

      3b6a5cb2a3c091814fce297c04fb677f72732fb21615102c62a195fdc2e7dfac

    • SHA512

      fe484b3fc89aeed3a6b71b90b90ea11a787697e56be3077154b6ddc2646850f6c38589ed422ff792e391638a80a778d33f22e891e76b5d65896c6fb4696a2c3b

    • SSDEEP

      96:3IsUxO9udx4qYp7AJb76BykUbQMtHUOA5Iv+RnsrqeXV+d1g2IW9t2c+cEwF9oug:YVL7ikJb76BQUoUm+RnyXVYO2RvHoug

    • Score

      3/10

MITRE ATT&CK Enterprise v15

Tasks