Overview

overview

10

Static

static

3

Lydisolerendes.exe

windows7-x64

10

Lydisolerendes.exe

windows10-2004-x64

10

Lydisolerendes.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Lydisolerendes.exe

  • Size

    540KB

  • Sample

    241022-tsfdssterg

  • MD5

    c102be4fe0f4b2daa8079f8e96d3dbf9

  • SHA1

    621ef9f2ec3b515811554c54fbc1876327ca9039

  • SHA256

    d44e056cef3d42814519f4e2cb0bc609ffe8f1ab02bb49093ab9b04ba349e998

  • SHA512

    dd1ab1ae628626ffc96ddc71076a70ef673dc22b0a3f10a888a43fec2fd89dba82b7158cc1460cec7753d61d60d40f3ce94d1c1c7c2833a31c4d9aa37f1eaf84

  • SSDEEP

    12288:DML8DpbWc2SiqNxMhG330KXWBtxsqUGy841Wks+ZHmkHN3HiPCpfBVx:ILYtRt0BxTZy84DHnHpHiwV

Score
10/10
guloaderdiscoverydownloader

Malware Config

Targets

    • Target

      Lydisolerendes.exe

    • Size

      540KB

    • MD5

      c102be4fe0f4b2daa8079f8e96d3dbf9

    • SHA1

      621ef9f2ec3b515811554c54fbc1876327ca9039

    • SHA256

      d44e056cef3d42814519f4e2cb0bc609ffe8f1ab02bb49093ab9b04ba349e998

    • SHA512

      dd1ab1ae628626ffc96ddc71076a70ef673dc22b0a3f10a888a43fec2fd89dba82b7158cc1460cec7753d61d60d40f3ce94d1c1c7c2833a31c4d9aa37f1eaf84

    • SSDEEP

      12288:DML8DpbWc2SiqNxMhG330KXWBtxsqUGy841Wks+ZHmkHN3HiPCpfBVx:ILYtRt0BxTZy84DHnHpHiwV

    Score
    10/10
    guloaderdiscoverydownloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2behavioral3

MITRE ATT&CK Enterprise v15

Tasks