General

  • Target

    5a99c490bd9b35a1efe9c4233023dc37641f78b67e34632c9833ec8c06c3c4af.exe

  • Size

    545KB

  • Sample

    241106-c7d1vawkeq

  • MD5

    6fa8bc297f2359d3cd35fc1ef12c1b9e

  • SHA1

    b6be96971f04dd616e399a2cad14d49e08623036

  • SHA256

    5a99c490bd9b35a1efe9c4233023dc37641f78b67e34632c9833ec8c06c3c4af

  • SHA512

    baec2716fc69dc58a2eea22458ef6ab10825beb537bbdb9ec727d6086ea0cdff06136f709173c01a6643ef6bfc717e04e6de285862a5a6d5e9e3d9c9a6529793

  • SSDEEP

    6144:VPXc3AQYxRhND7QZ+Z4jeRZEkzu5PdT0qsTbKqN1Z+i1Sl9DsZ+cBcomv6rb2:iuRT7QZ+Zj4kq25Cl9DsZ+URr

Malware Config

Targets

    • Target

      5a99c490bd9b35a1efe9c4233023dc37641f78b67e34632c9833ec8c06c3c4af.exe

    • Size

      545KB

    • MD5

      6fa8bc297f2359d3cd35fc1ef12c1b9e

    • SHA1

      b6be96971f04dd616e399a2cad14d49e08623036

    • SHA256

      5a99c490bd9b35a1efe9c4233023dc37641f78b67e34632c9833ec8c06c3c4af

    • SHA512

      baec2716fc69dc58a2eea22458ef6ab10825beb537bbdb9ec727d6086ea0cdff06136f709173c01a6643ef6bfc717e04e6de285862a5a6d5e9e3d9c9a6529793

    • SSDEEP

      6144:VPXc3AQYxRhND7QZ+Z4jeRZEkzu5PdT0qsTbKqN1Z+i1Sl9DsZ+cBcomv6rb2:iuRT7QZ+Zj4kq25Cl9DsZ+URr

    • Guloader family

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      Catchpoleship.Ter

    • Size

      56KB

    • MD5

      bea0253bd1d370c8bcc515e8ff7bb6e9

    • SHA1

      9b1443ba1094479087b73d1999cbadfb8e2eacbd

    • SHA256

      844e8c95af74d9b8b7ee184a61f16ce1221679b84556cb78b9acab1d0fb9936b

    • SHA512

      1930e412af035f6a4ba452b3af21ba77c316fb757d32250fe343e648b3bee421c495f2607f3549cd20e1a079f9934a0ab5f7a7af0b648742ecd00b1f9e0c18be

    • SSDEEP

      1536:M34qzsYB1X+FcuzJjBn0cfNI2egeqrDxe0U:M34UBP2zJjBn0k2eneJ

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks