General

  • Target

    rPO-000172483.exe

  • Size

    1.1MB

  • Sample

    241030-qsc2wsthra

  • MD5

    038aab3a1450ed01e0635bdb5b09c39c

  • SHA1

    bf02949f07662158215776acbaac683b6959320e

  • SHA256

    ad1f6b68331f1d4b983df1eddfea197f4a091e648528dc28c6016524b51d58b0

  • SHA512

    471c0ab744b228dd5b46c53d3dde2127834ff066bc3dde1f969c287fb22bc490f5bdc2fee13141fc91d931e9a02d2583b3c280deec85bdbdd9b1cb26f1eece82

  • SSDEEP

    24576:h4nhDoAFmXsrvR1kSMEkaHnjZVhbBNF1lmZNXLGQ7WczkxFnfbP9u:h+hkbXsjQSME/1Vhb5kNXKQKczgI

Malware Config

Targets

    • Target

      rPO-000172483.exe

    • Size

      1.1MB

    • MD5

      038aab3a1450ed01e0635bdb5b09c39c

    • SHA1

      bf02949f07662158215776acbaac683b6959320e

    • SHA256

      ad1f6b68331f1d4b983df1eddfea197f4a091e648528dc28c6016524b51d58b0

    • SHA512

      471c0ab744b228dd5b46c53d3dde2127834ff066bc3dde1f969c287fb22bc490f5bdc2fee13141fc91d931e9a02d2583b3c280deec85bdbdd9b1cb26f1eece82

    • SSDEEP

      24576:h4nhDoAFmXsrvR1kSMEkaHnjZVhbBNF1lmZNXLGQ7WczkxFnfbP9u:h+hkbXsjQSME/1Vhb5kNXKQKczgI

    • Guloader family

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      d6f54d2cefdf58836805796f55bfc846

    • SHA1

      b980addc1a755b968dd5799179d3b4f1c2de9d2d

    • SHA256

      f917aef484d1fbb4d723b2e2d3045cb6f5f664e61fbb3d5c577bd1c215de55d9

    • SHA512

      ce67da936a93d46ef7e81abc8276787c82fd844c03630ba18afc3528c7e420c3228bfe82aeda083bb719f2d1314afae913362abd1e220cb364606519690d45db

    • SSDEEP

      192:acA1YOTDExj7EFrYCT4E8y3hoSdtTgwF43E7QbGPXI9uIc6w79Mw:RR7SrtTv53tdtTgwF4SQbGPX36wJMw

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks