Overview

overview

10

Static

static

3

cfe93a4357...3b.exe

windows7-x64

8

cfe93a4357...3b.exe

windows10-2004-x64

10

Fortrinsre...es.ps1

windows7-x64

3

Fortrinsre...es.ps1

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cfe93a43570d7f0a52ba72065ad15d9ac80a568a619576812749a47fc0cb3e3b.exe

  • Size

    721KB

  • Sample

    241030-dzsppswbmn

  • MD5

    4b38e08cbd84e6372b1dcc86082629d1

  • SHA1

    00c4ce241b1eaec6f93ae70b2ceaa6d43187f6be

  • SHA256

    cfe93a43570d7f0a52ba72065ad15d9ac80a568a619576812749a47fc0cb3e3b

  • SHA512

    4a7826ac37653aaf7f719ea2fa8745cc8dc3a62b58565a8c6443c9cd3178c9520075c8d5f3dbb85b5dcdcc2bd2d01a04b058e5b94a54137d133905a2f4f41cfd

  • SSDEEP

    12288:O9cizFijDzDFbKS5ZuSwcIllZzoLHtB7Y59jFkmDHThxL5DfJr:O9wDFJxIWLANFHDzhxLP

Score
10/10
guloaderdiscoverydownloaderexecutionpersistence

Malware Config

Targets

    • Target

      cfe93a43570d7f0a52ba72065ad15d9ac80a568a619576812749a47fc0cb3e3b.exe

    • Size

      721KB

    • MD5

      4b38e08cbd84e6372b1dcc86082629d1

    • SHA1

      00c4ce241b1eaec6f93ae70b2ceaa6d43187f6be

    • SHA256

      cfe93a43570d7f0a52ba72065ad15d9ac80a568a619576812749a47fc0cb3e3b

    • SHA512

      4a7826ac37653aaf7f719ea2fa8745cc8dc3a62b58565a8c6443c9cd3178c9520075c8d5f3dbb85b5dcdcc2bd2d01a04b058e5b94a54137d133905a2f4f41cfd

    • SSDEEP

      12288:O9cizFijDzDFbKS5ZuSwcIllZzoLHtB7Y59jFkmDHThxL5DfJr:O9wDFJxIWLANFHDzhxLP

    Score
    10/10
    discoveryexecutionguloaderdownloader

    • Guloader family

      guloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Blocklisted process makes network request

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

    • Target

      Fortrinsrettighedens/Kildesprogenes.Vir

    • Size

      54KB

    • MD5

      3f03617943c93785889b0b33151afd75

    • SHA1

      1358c716ba802fdb105b160a8895f0b9d6fb8770

    • SHA256

      dce53a205e1cdd0938ec514c4ee631101130e98dd0019e2a200c6eed4491a8d8

    • SHA512

      e90d83751d66c922814f0bceda63f498becdaf1216ff659a2835a16eacb1a361d924a7689c78bbdeacac47f993775d5b445eaecd4d31373b70921c9eaebc026f

    • SSDEEP

      1536:q46f+46iraJfbkp6LOqSm5cQYX6GQ4Jy7rUXR9WEnz:qy0ryfbc6LxSm5cfX6GQ4J3jt

    Score
    8/10
    executionpersistence

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks