General

  • Target

    Stadigheder43.exe

  • Size

    894KB

  • Sample

    241030-qech7stfng

  • MD5

    aa160f24e5670e39abcc8a33c6f51f2f

  • SHA1

    eb8f77c8f6c5699614e304d8e7f8a3950ba41a4a

  • SHA256

    2fba62d26b23162edc673374335d575688b00d1467d936618793d28ec3729ad6

  • SHA512

    8261633df47cad2dab42508a8f1c9d421b0b0c91d62a8b08bf3787c19b7116f3f091791800983bcd9d75d92b0097c08c670a38963ef4effd04e70ffc4cb9565e

  • SSDEEP

    24576:2x+rcb2ZkoncoAzPLqt62HnQIQMOKOaeKf:2x+4b2SoncFzPLH2HTzOKOwf

Malware Config

Targets

    • Target

      Stadigheder43.exe

    • Size

      894KB

    • MD5

      aa160f24e5670e39abcc8a33c6f51f2f

    • SHA1

      eb8f77c8f6c5699614e304d8e7f8a3950ba41a4a

    • SHA256

      2fba62d26b23162edc673374335d575688b00d1467d936618793d28ec3729ad6

    • SHA512

      8261633df47cad2dab42508a8f1c9d421b0b0c91d62a8b08bf3787c19b7116f3f091791800983bcd9d75d92b0097c08c670a38963ef4effd04e70ffc4cb9565e

    • SSDEEP

      24576:2x+rcb2ZkoncoAzPLqt62HnQIQMOKOaeKf:2x+4b2SoncFzPLH2HTzOKOwf

    • Guloader family

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c9473cb90d79a374b2ba6040ca16e45c

    • SHA1

      ab95b54f12796dce57210d65f05124a6ed81234a

    • SHA256

      b80a5cba69d1853ed5979b0ca0352437bf368a5cfb86cb4528edadd410e11352

    • SHA512

      eafe7d5894622bc21f663bca4dd594392ee0f5b29270b6b56b0187093d6a3a103545464ff6398ad32d2cf15dab79b1f133218ba9ba337ddc01330b5ada804d7b

    • SSDEEP

      192:cPtkumJX7zBE2kGwfy9S9VkPsFQ1MZ1c:N7O2k5q9wA1MZa

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks