General

  • Target

    60f7c2d61a09e10204c2c6b359f2d87f3714ebff676a92d38da0af160c738690.exe

  • Size

    836KB

  • Sample

    241106-rwycnstrbl

  • MD5

    2b89f539fc49781f2fc6d8debf491c90

  • SHA1

    227e1d6ff55aac9d09a30050cbe7acabd6df2968

  • SHA256

    60f7c2d61a09e10204c2c6b359f2d87f3714ebff676a92d38da0af160c738690

  • SHA512

    bd8a5af726503b17ec860745a4adf39c85c4be92a7c4e545318538bbc52e0f3052d207fe600e5d88cb8a04256867bcb4ae6d541518ed3136afe7c5ce2ae2de02

  • SSDEEP

    24576:OXhejYBQ1sKjVdXgf9lHWstDV8ScB0RpVCg5Ev7ixMmJ:CtKjV6f9lHltDVbcmPoixr

Malware Config

Targets

    • Target

      60f7c2d61a09e10204c2c6b359f2d87f3714ebff676a92d38da0af160c738690.exe

    • Size

      836KB

    • MD5

      2b89f539fc49781f2fc6d8debf491c90

    • SHA1

      227e1d6ff55aac9d09a30050cbe7acabd6df2968

    • SHA256

      60f7c2d61a09e10204c2c6b359f2d87f3714ebff676a92d38da0af160c738690

    • SHA512

      bd8a5af726503b17ec860745a4adf39c85c4be92a7c4e545318538bbc52e0f3052d207fe600e5d88cb8a04256867bcb4ae6d541518ed3136afe7c5ce2ae2de02

    • SSDEEP

      24576:OXhejYBQ1sKjVdXgf9lHWstDV8ScB0RpVCg5Ev7ixMmJ:CtKjV6f9lHltDVbcmPoixr

    • Guloader family

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      Laryngectomize/Listeprisernes.Fak

    • Size

      53KB

    • MD5

      e4f72073cc7b121ef1e77875b5c3aa40

    • SHA1

      eb3ace1b3dd416dbcdec1ae6a1ee3d20227ae6fd

    • SHA256

      0a8ab46fd80e222c9f3e2ec4cf38c67ae7adf4f09e40709bbba2c2e3ee785f43

    • SHA512

      662b9d35f71c99eea7187332363de7d6ea3ab54e1e6b0800f2162b6984949fdf7bebecf26d8db89a9438e532a2d2229a5110b201d814a1853d851f229065306a

    • SSDEEP

      1536:ElXR51ki9AdNwV/NK2HnznYzlt+UY8vECtZfk4:0rzeTC//LYzltb6eZ84

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks