General
-
Target
5a99c490bd9b35a1efe9c4233023dc37641f78b67e34632c9833ec8c06c3c4af.exe
-
Size
545KB
-
Sample
241106-c7d1vawkeq
-
MD5
6fa8bc297f2359d3cd35fc1ef12c1b9e
-
SHA1
b6be96971f04dd616e399a2cad14d49e08623036
-
SHA256
5a99c490bd9b35a1efe9c4233023dc37641f78b67e34632c9833ec8c06c3c4af
-
SHA512
baec2716fc69dc58a2eea22458ef6ab10825beb537bbdb9ec727d6086ea0cdff06136f709173c01a6643ef6bfc717e04e6de285862a5a6d5e9e3d9c9a6529793
-
SSDEEP
6144:VPXc3AQYxRhND7QZ+Z4jeRZEkzu5PdT0qsTbKqN1Z+i1Sl9DsZ+cBcomv6rb2:iuRT7QZ+Zj4kq25Cl9DsZ+URr
Static task
static1
Behavioral task
behavioral1
Sample
5a99c490bd9b35a1efe9c4233023dc37641f78b67e34632c9833ec8c06c3c4af.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
5a99c490bd9b35a1efe9c4233023dc37641f78b67e34632c9833ec8c06c3c4af.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
Catchpoleship.ps1
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
Catchpoleship.ps1
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
5a99c490bd9b35a1efe9c4233023dc37641f78b67e34632c9833ec8c06c3c4af.exe
-
Size
545KB
-
MD5
6fa8bc297f2359d3cd35fc1ef12c1b9e
-
SHA1
b6be96971f04dd616e399a2cad14d49e08623036
-
SHA256
5a99c490bd9b35a1efe9c4233023dc37641f78b67e34632c9833ec8c06c3c4af
-
SHA512
baec2716fc69dc58a2eea22458ef6ab10825beb537bbdb9ec727d6086ea0cdff06136f709173c01a6643ef6bfc717e04e6de285862a5a6d5e9e3d9c9a6529793
-
SSDEEP
6144:VPXc3AQYxRhND7QZ+Z4jeRZEkzu5PdT0qsTbKqN1Z+i1Sl9DsZ+cBcomv6rb2:iuRT7QZ+Zj4kq25Cl9DsZ+URr
Score10/10-
Guloader family
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
Catchpoleship.Ter
-
Size
56KB
-
MD5
bea0253bd1d370c8bcc515e8ff7bb6e9
-
SHA1
9b1443ba1094479087b73d1999cbadfb8e2eacbd
-
SHA256
844e8c95af74d9b8b7ee184a61f16ce1221679b84556cb78b9acab1d0fb9936b
-
SHA512
1930e412af035f6a4ba452b3af21ba77c316fb757d32250fe343e648b3bee421c495f2607f3549cd20e1a079f9934a0ab5f7a7af0b648742ecd00b1f9e0c18be
-
SSDEEP
1536:M34qzsYB1X+FcuzJjBn0cfNI2egeqrDxe0U:M34UBP2zJjBn0k2eneJ
Score8/10-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-