General

  • Target

    rTransferenciarealizada451236.exe

  • Size

    893KB

  • Sample

    241030-aeqststner

  • MD5

    12f32dc32a25a48db3aca40758745e80

  • SHA1

    41f2c89b8c83b279633c641d1e266a3a2487294d

  • SHA256

    8085c17ea9441ff19ee1d021408ce2b159bdf4d53704a9afd180e76033c74415

  • SHA512

    b3e71933c26fc75dfa3aef0efc9ef375572df28cdba1b85dac9ecda062e572a6999dcbeec382b04e5a7d24e3485f5aa6852fad9e2d36fded55525fa8acf8dd9c

  • SSDEEP

    24576:6x+rRnZt2HrJ1oAzm2ESD62HnQIQMOKOaeKX:6x+1nZcLHFzmnSW2HTzOKOwX

Malware Config

Targets

    • Target

      rTransferenciarealizada451236.exe

    • Size

      893KB

    • MD5

      12f32dc32a25a48db3aca40758745e80

    • SHA1

      41f2c89b8c83b279633c641d1e266a3a2487294d

    • SHA256

      8085c17ea9441ff19ee1d021408ce2b159bdf4d53704a9afd180e76033c74415

    • SHA512

      b3e71933c26fc75dfa3aef0efc9ef375572df28cdba1b85dac9ecda062e572a6999dcbeec382b04e5a7d24e3485f5aa6852fad9e2d36fded55525fa8acf8dd9c

    • SSDEEP

      24576:6x+rRnZt2HrJ1oAzm2ESD62HnQIQMOKOaeKX:6x+1nZcLHFzmnSW2HTzOKOwX

    • Guloader family

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c9473cb90d79a374b2ba6040ca16e45c

    • SHA1

      ab95b54f12796dce57210d65f05124a6ed81234a

    • SHA256

      b80a5cba69d1853ed5979b0ca0352437bf368a5cfb86cb4528edadd410e11352

    • SHA512

      eafe7d5894622bc21f663bca4dd594392ee0f5b29270b6b56b0187093d6a3a103545464ff6398ad32d2cf15dab79b1f133218ba9ba337ddc01330b5ada804d7b

    • SSDEEP

      192:cPtkumJX7zBE2kGwfy9S9VkPsFQ1MZ1c:N7O2k5q9wA1MZa

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks