General

  • Target: 29102024_1556_29102024_Doc.rar
  • Size: 748KB
  • Sample: 241029-tg7nxaxpfj
  • MD5: fca4559f3c04e7b6cf641836214388d9
  • SHA1: 9519e4a7a0d7f812409aca433a1883f1e90fd909
  • SHA256: 154b351316b313b40bb9a95675e069b13472e30b8aa96f02c2dbf16cb0ca099c
  • SHA512: 468917229c187acec65e7fc2a145a8eea0a9ab60c1b91afa041307c1dfa635aa5bfe49e0acae591c224642d0b2cb5ad8213e72945e5f84967bd43811b37dd125
  • SSDEEP: 12288:iE1fzp719Y+2u4RwAoF8EaJGKJBP3d8SbQWp0lHdZeawLcVDJN6xNl3mNwmTw+Ke:ztDY8a9DJRJBP3dFQWadZpwL4N67laww

Malware Config

Targets

    • Target: Forreste.exe
    • Size: 895KB
    • MD5: b6bcb5405a50ef97d57ae2b43ad5d01e
    • SHA1: 2c8288be420bdb1b53438f07cbcdec259f47bd0d
    • SHA256: 0c3b34493099cbbfbf51b25a4befe93e8d1b92008884500f91c66e2bd00dee1f
    • SHA512: 1a0eeea2ce4608fc4e0ae67b94f6c137de873b5c0da735c22a2e295dd9577aa1f6ba85ecd0193d771289d417a1d9cc758ea5cf8284cf3f2e3272571414cc9391
    • SSDEEP: 24576:5x+rg0PyXjILtPkoAzuyn/pBF62HnQIQMOKOaeKg:5x+s0PyXjIxPkFzucp22HTzOKOwg

    • Guloader family

    • Guloader, Cloudeye: a shellcode-based downloader first seen in 2020.

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target: $PLUGINSDIR/System.dll
    • Size: 11KB
    • MD5: c9473cb90d79a374b2ba6040ca16e45c
    • SHA1: ab95b54f12796dce57210d65f05124a6ed81234a
    • SHA256: b80a5cba69d1853ed5979b0ca0352437bf368a5cfb86cb4528edadd410e11352
    • SHA512: eafe7d5894622bc21f663bca4dd594392ee0f5b29270b6b56b0187093d6a3a103545464ff6398ad32d2cf15dab79b1f133218ba9ba337ddc01330b5ada804d7b
    • SSDEEP: 192:cPtkumJX7zBE2kGwfy9S9VkPsFQ1MZ1c:N7O2k5q9wA1MZa

    Score: 3/10

MITRE ATT&CK Enterprise v15

Tasks