General

  • Target

    Forreste.exe

  • Size

    895KB

  • Sample

    241030-qech7sthln

  • MD5

    b6bcb5405a50ef97d57ae2b43ad5d01e

  • SHA1

    2c8288be420bdb1b53438f07cbcdec259f47bd0d

  • SHA256

    0c3b34493099cbbfbf51b25a4befe93e8d1b92008884500f91c66e2bd00dee1f

  • SHA512

    1a0eeea2ce4608fc4e0ae67b94f6c137de873b5c0da735c22a2e295dd9577aa1f6ba85ecd0193d771289d417a1d9cc758ea5cf8284cf3f2e3272571414cc9391

  • SSDEEP

    24576:5x+rg0PyXjILtPkoAzuyn/pBF62HnQIQMOKOaeKg:5x+s0PyXjIxPkFzucp22HTzOKOwg

Malware Config

Targets

    • Target

      Forreste.exe

    • Size

      895KB

    • MD5

      b6bcb5405a50ef97d57ae2b43ad5d01e

    • SHA1

      2c8288be420bdb1b53438f07cbcdec259f47bd0d

    • SHA256

      0c3b34493099cbbfbf51b25a4befe93e8d1b92008884500f91c66e2bd00dee1f

    • SHA512

      1a0eeea2ce4608fc4e0ae67b94f6c137de873b5c0da735c22a2e295dd9577aa1f6ba85ecd0193d771289d417a1d9cc758ea5cf8284cf3f2e3272571414cc9391

    • SSDEEP

      24576:5x+rg0PyXjILtPkoAzuyn/pBF62HnQIQMOKOaeKg:5x+s0PyXjIxPkFzucp22HTzOKOwg

    • Guloader family

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c9473cb90d79a374b2ba6040ca16e45c

    • SHA1

      ab95b54f12796dce57210d65f05124a6ed81234a

    • SHA256

      b80a5cba69d1853ed5979b0ca0352437bf368a5cfb86cb4528edadd410e11352

    • SHA512

      eafe7d5894622bc21f663bca4dd594392ee0f5b29270b6b56b0187093d6a3a103545464ff6398ad32d2cf15dab79b1f133218ba9ba337ddc01330b5ada804d7b

    • SSDEEP

      192:cPtkumJX7zBE2kGwfy9S9VkPsFQ1MZ1c:N7O2k5q9wA1MZa

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks