General

  • Target

    nPO-000172483.lzh.rar

  • Size

    1.0MB

  • Sample

    241030-q6dwcatkcx

  • MD5

    5299e468469f0296910dc0d18a6a7258

  • SHA1

    5fd1fa2ca69a6dd54f7321a7d1874e0fdef23acd

  • SHA256

    c24e591bfe433669d8cb9b3b3c4c989da4bf6d6cc58de373dead1859dbcbcc27

  • SHA512

    bcd51ef2e05d22c6c46c9dc718030cbed6e35b8f82493d4ae4404a63f5f439baab5a6197d0565ef28b3ee065ceb7de4a64a3f293212bc0f6542be3dbd4adab59

  • SSDEEP

    24576:WU3QWCcPg1ouDBC0DnxCqaJgkajEfoQE7adYDpjpq+aNG:WUAWCco13k08qaLoQELDpPsG

Malware Config

Targets

    • Target

      PO-000172483.exe

    • Size

      1.1MB

    • MD5

      038aab3a1450ed01e0635bdb5b09c39c

    • SHA1

      bf02949f07662158215776acbaac683b6959320e

    • SHA256

      ad1f6b68331f1d4b983df1eddfea197f4a091e648528dc28c6016524b51d58b0

    • SHA512

      471c0ab744b228dd5b46c53d3dde2127834ff066bc3dde1f969c287fb22bc490f5bdc2fee13141fc91d931e9a02d2583b3c280deec85bdbdd9b1cb26f1eece82

    • SSDEEP

      24576:h4nhDoAFmXsrvR1kSMEkaHnjZVhbBNF1lmZNXLGQ7WczkxFnfbP9u:h+hkbXsjQSME/1Vhb5kNXKQKczgI

    • Guloader family

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      d6f54d2cefdf58836805796f55bfc846

    • SHA1

      b980addc1a755b968dd5799179d3b4f1c2de9d2d

    • SHA256

      f917aef484d1fbb4d723b2e2d3045cb6f5f664e61fbb3d5c577bd1c215de55d9

    • SHA512

      ce67da936a93d46ef7e81abc8276787c82fd844c03630ba18afc3528c7e420c3228bfe82aeda083bb719f2d1314afae913362abd1e220cb364606519690d45db

    • SSDEEP

      192:acA1YOTDExj7EFrYCT4E8y3hoSdtTgwF43E7QbGPXI9uIc6w79Mw:RR7SrtTv53tdtTgwF4SQbGPX36wJMw

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks