General

  • Target: Transferencia realizada 451236_1.rar
  • Size: 746KB
  • Sample: 241031-qvyrdazckq
  • MD5: 41b3669e6aa7b3a6f678577f80cc2f6f
  • SHA1: b0fdb10b86326c8e865b9c94516092a50b456238
  • SHA256: 155a0b805cfe7ab06e153072f019499e5a4a6debe7ec0f148a08c0b9e2a51fec
  • SHA512: 6509e42079a36642a172187f6bb2e757a9b905fe5428a82899965aa80fdd1e072db9b9d3611988ce551a4e73228222eccaea6404887793dc7ef517a19eae961d
  • SSDEEP: 12288:CaFyI3DP/SoMG16MLPDh9OwpdRFou8EJelWqji26H0iK9hc42aaSUOQpR5Scr:DV7/WgNLPfhnelSAc42atyR5Sg

Targets

    • Target: Transferencia realizada 451236.exe
    • Size: 893KB
    • MD5: 12f32dc32a25a48db3aca40758745e80
    • SHA1: 41f2c89b8c83b279633c641d1e266a3a2487294d
    • SHA256: 8085c17ea9441ff19ee1d021408ce2b159bdf4d53704a9afd180e76033c74415
    • SHA512: b3e71933c26fc75dfa3aef0efc9ef375572df28cdba1b85dac9ecda062e572a6999dcbeec382b04e5a7d24e3485f5aa6852fad9e2d36fded55525fa8acf8dd9c
    • SSDEEP: 24576:6x+rRnZt2HrJ1oAzm2ESD62HnQIQMOKOaeKX:6x+1nZcLHFzmnSW2HTzOKOwX

    • Guloader family
    • Guloader, Cloudeye: a shellcode-based downloader first seen in 2020.

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target: $PLUGINSDIR/System.dll
    • Size: 11KB
    • MD5: c9473cb90d79a374b2ba6040ca16e45c
    • SHA1: ab95b54f12796dce57210d65f05124a6ed81234a
    • SHA256: b80a5cba69d1853ed5979b0ca0352437bf368a5cfb86cb4528edadd410e11352
    • SHA512: eafe7d5894622bc21f663bca4dd594392ee0f5b29270b6b56b0187093d6a3a103545464ff6398ad32d2cf15dab79b1f133218ba9ba337ddc01330b5ada804d7b
    • SSDEEP: 192:cPtkumJX7zBE2kGwfy9S9VkPsFQ1MZ1c:N7O2k5q9wA1MZa

    Score: 3/10

MITRE ATT&CK Enterprise v15