General

  • Target

    Lydisolerendes.exe

  • Size

    540KB

  • Sample

    241022-tsfdssterg

  • MD5

    c102be4fe0f4b2daa8079f8e96d3dbf9

  • SHA1

    621ef9f2ec3b515811554c54fbc1876327ca9039

  • SHA256

    d44e056cef3d42814519f4e2cb0bc609ffe8f1ab02bb49093ab9b04ba349e998

  • SHA512

    dd1ab1ae628626ffc96ddc71076a70ef673dc22b0a3f10a888a43fec2fd89dba82b7158cc1460cec7753d61d60d40f3ce94d1c1c7c2833a31c4d9aa37f1eaf84

  • SSDEEP

    12288:DML8DpbWc2SiqNxMhG330KXWBtxsqUGy841Wks+ZHmkHN3HiPCpfBVx:ILYtRt0BxTZy84DHnHpHiwV
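Before spending time on a file that is supposed to be this sample, confirm it really is: the digests above are the only stable identifiers on the page. The following is an added example, not part of the sandbox report. It recomputes the MD5, SHA1, SHA256 and SHA512 values of arbitrary bytes and compares them with the report's values; SSDEEP is not recomputed because that needs the ssdeep library. The empty-string inputs used in the self-check are constructed test data.

```python
"""Added example: confirm a local file matches the digests listed in the report."""
import hashlib
import sys

# Hash values copied verbatim from the report's General section.
REPORT_HASHES = {
    "md5": "c102be4fe0f4b2daa8079f8e96d3dbf9",
    "sha1": "621ef9f2ec3b515811554c54fbc1876327ca9039",
    "sha256": "d44e056cef3d42814519f4e2cb0bc609ffe8f1ab02bb49093ab9b04ba349e998",
    "sha512": "dd1ab1ae628626ffc96ddc71076a70ef673dc22b0a3f10a888a43fec2fd89dba"
              "82b7158cc1460cec7753d61d60d40f3ce94d1c1c7c2833a31c4d9aa37f1eaf84",
}


def hashes_of(data: bytes) -> dict:
    """Compute the same digests the report lists, as lowercase hex strings."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def verify_sample(data: bytes, expected: dict = REPORT_HASHES) -> dict:
    """Return {algorithm: matched} for every digest in `expected`.

    Comparison is case-insensitive on the expected side, since reports and
    feeds disagree on hex case. Any False means this is not the reported
    file (or it was modified, e.g. by an AV engine stripping an overlay).
    """
    actual = hashes_of(data)
    return {name: actual[name] == expected[name].lower() for name in expected}


def is_reported_sample(data: bytes, expected: dict = REPORT_HASHES) -> bool:
    """True only when every listed digest matches.

    Requiring all four means an attacker who could forge a single weak
    digest (MD5 or SHA1) still cannot pass the check.
    """
    return all(verify_sample(data, expected).values())


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
        label = sys.argv[1]
    else:
        # Constructed input for a stand-alone run: the empty file, which
        # obviously is not the sample and must fail every comparison.
        blob = b""
        label = "<constructed empty input>"
    for name, ok in verify_sample(blob).items():
        print(f"{name:6s} {'MATCH' if ok else 'mismatch'}")
    print(f"{label}: {'is' if is_reported_sample(blob) else 'is NOT'} the reported sample")
```

Run it as `python verify_sample.py Lydisolerendes.exe`; with no argument it hashes a constructed empty input and reports a mismatch on every algorithm.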

Malware Config

Targets

    • Guloader,Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks