General

  • Target: 736c7e43912f503e8c2a91a5f64c95ee3f1f817d20acbb306fba3eb9b83ba24b.exe
  • Size: 908KB
  • Sample: 241106-r1vscasarf
  • MD5: a2c65cc4cb9e9c54c87d8ff854e57c09
  • SHA1: b186277230369f52d20aecc762e7979cc887592d
  • SHA256: 736c7e43912f503e8c2a91a5f64c95ee3f1f817d20acbb306fba3eb9b83ba24b
  • SHA512: d23f3378b2b5704fb2d5409a391f0d23529aaed74b907608563b1788c7ea9f16218cb7623471e8f587c743bc93254b49213599106fc4742d10040f0eee1374e3
  • SSDEEP: 24576:rx+re/u66cbmHoAzh5ynvyX62HnQIQMOKOaeK:rx+SF6CyFzqvyq2HTzOKOw

Malware Config

Targets

    • Target: 736c7e43912f503e8c2a91a5f64c95ee3f1f817d20acbb306fba3eb9b83ba24b.exe

    • Guloader family

    • Guloader, Cloudeye: A shellcode-based downloader first seen in 2020.

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target: $PLUGINSDIR/System.dll
    • Size: 11KB
    • MD5: c9473cb90d79a374b2ba6040ca16e45c
    • SHA1: ab95b54f12796dce57210d65f05124a6ed81234a
    • SHA256: b80a5cba69d1853ed5979b0ca0352437bf368a5cfb86cb4528edadd410e11352
    • SHA512: eafe7d5894622bc21f663bca4dd594392ee0f5b29270b6b56b0187093d6a3a103545464ff6398ad32d2cf15dab79b1f133218ba9ba337ddc01330b5ada804d7b
    • SSDEEP: 192:cPtkumJX7zBE2kGwfy9S9VkPsFQ1MZ1c:N7O2k5q9wA1MZa

    Score: 3/10

MITRE ATT&CK Enterprise v15

Tasks