General

  • Target

    Factura0292091162024Urbia.pdf..exe

  • Size

    809KB

  • Sample

    241111-kvqswawhpq

  • MD5

    53e2b2ad9748d98c82d9b894f0fa5bda

  • SHA1

    6d5b7bc033210b438b98d26380746496e0f231e1

  • SHA256

    bee9b9e032ae0f79187a3f2944efa649041840d519a668952a2c3e5b221a1915

  • SHA512

    196b1903f8be2d250480e46af37ec5b57d46d331caa1569dd53aef4c6e0132f691f7a3cc73bd9e20b8b9009feb34dd71766ea242e38e34f6c74bba7602798146

  • SSDEEP

    24576:mHhe68g9nH0nObU0fwBcvqjXInHXUF/GmEZet2gkA:mBmgtH0nmCkkIhgNkA

Malware Config

Targets

    • Target

      Factura0292091162024Urbia.pdf..exe

    • Size

      809KB

    • MD5

      53e2b2ad9748d98c82d9b894f0fa5bda

    • SHA1

      6d5b7bc033210b438b98d26380746496e0f231e1

    • SHA256

      bee9b9e032ae0f79187a3f2944efa649041840d519a668952a2c3e5b221a1915

    • SHA512

      196b1903f8be2d250480e46af37ec5b57d46d331caa1569dd53aef4c6e0132f691f7a3cc73bd9e20b8b9009feb34dd71766ea242e38e34f6c74bba7602798146

    • SSDEEP

      24576:mHhe68g9nH0nObU0fwBcvqjXInHXUF/GmEZet2gkA:mBmgtH0nmCkkIhgNkA

    • Guloader family

    • Guloader,Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger
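The hashes above are the report's file-level indicators. The following script is an added example, not part of the sandbox report or of any tool it names: it recomputes MD5, SHA-1, SHA-256 and SHA-512 for a file, matches them against the hash table copied from this report, and flags the double-extension lure naming the first target uses (a document-looking extension, extra dots, then an executable extension). The extension lists and the lure heuristic are the example's own assumptions; the temp file it writes is a constructed stand-in, not the sample.

```python
"""Offline hash-IOC check for the indicators listed in this report.

Added example: not part of the sandbox report or of any tool it names.
The hash table below is copied from the report; everything else
(chunked hashing, the double-extension lure heuristic) is illustrative.
"""
import hashlib
import os
import tempfile

ALGOS = ("md5", "sha1", "sha256", "sha512")

# Hashes copied from the report, keyed by hashlib algorithm name.
IOC_HASHES = {
    "md5": {
        "53e2b2ad9748d98c82d9b894f0fa5bda": "Factura0292091162024Urbia.pdf..exe",
        "319c227e068176aaecd7365843c8bf48": "Monotheistic154.Hva",
    },
    "sha1": {
        "6d5b7bc033210b438b98d26380746496e0f231e1": "Factura0292091162024Urbia.pdf..exe",
        "079e87e0de433023e0031ba596036e69b7785fbd": "Monotheistic154.Hva",
    },
    "sha256": {
        "bee9b9e032ae0f79187a3f2944efa649041840d519a668952a2c3e5b221a1915": "Factura0292091162024Urbia.pdf..exe",
        "ccccc37ddb764f9ecaa067032f53db5ed67b0fff95985958a966100b97c0d583": "Monotheistic154.Hva",
    },
    "sha512": {
        "196b1903f8be2d250480e46af37ec5b57d46d331caa1569dd53aef4c6e0132f691f7a3cc73bd9e20b8b9009feb34dd71766ea242e38e34f6c74bba7602798146": "Factura0292091162024Urbia.pdf..exe",
        "1d55477dfb7299aa68d06247f8f3a5d4e03fe7ec65c65feaef29ebc1d8d166da5f98643806e00f9724d6d4de7fd6ee538441233a6618e0345901c21d7d378f39": "Monotheistic154.Hva",
    },
}

# Extension sets for the lure heuristic (assumption: reasonable, not exhaustive).
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "hta", "msi"}
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "jpeg", "png"}


def hash_bytes(data: bytes) -> dict:
    """Digest an in-memory buffer with every algorithm in ALGOS."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ALGOS}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Digest a file in chunks so large samples do not need to fit in memory."""
    hashers = {algo: hashlib.new(algo) for algo in ALGOS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def match_iocs(hashes: dict, iocs: dict = IOC_HASHES) -> list:
    """Return (algorithm, label) pairs for every digest found in the IOC table."""
    hits = []
    for algo, digest in hashes.items():
        label = iocs.get(algo, {}).get(digest.lower())
        if label is not None:
            hits.append((algo, label))
    return hits


def is_double_extension_lure(filename: str) -> bool:
    """True for names such as 'invoice.pdf..exe' or 'scan.jpg.exe': the real
    (last) extension is executable and an earlier dotted part looks like a
    document extension. Empty parts from repeated dots are ignored."""
    parts = os.path.basename(filename).lower().split(".")
    if len(parts) < 3 or parts[-1] not in EXECUTABLE_EXTS:
        return False
    return any(p in DOCUMENT_EXTS for p in parts[1:-1] if p)


def scan_file(path: str) -> dict:
    """Hash one file and combine the IOC match with the lure-name check."""
    hashes = hash_file(path)
    return {
        "path": path,
        "hashes": hashes,
        "ioc_hits": match_iocs(hashes),
        "double_extension": is_double_extension_lure(path),
    }


def write_temp_sample(data: bytes, name: str = "sample.bin") -> str:
    """Write constructed bytes into a fresh temp directory and return the path."""
    directory = tempfile.mkdtemp(prefix="ioc-check-")
    path = os.path.join(directory, name)
    with open(path, "wb") as fh:
        fh.write(data)
    return path


if __name__ == "__main__":
    # Constructed stand-in: harmless content carrying the lure's naming pattern.
    sample = write_temp_sample(b"not the real sample", "Invoice.pdf..exe")
    result = scan_file(sample)
    print(f"{result['path']}: ioc_hits={result['ioc_hits']} lure_name={result['double_extension']}")
    for algo in ALGOS:
        print(f"  {algo}: {result['hashes'][algo]}")
```

Point `scan_file` at a quarantined copy of a suspect file; a non-empty `ioc_hits` is a definite match with this report, while `double_extension` alone is only a triage signal and should be confirmed by other means.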

    • Target

      Monotheistic154.Hva

    • Size

      52KB

    • MD5

      319c227e068176aaecd7365843c8bf48

    • SHA1

      079e87e0de433023e0031ba596036e69b7785fbd

    • SHA256

      ccccc37ddb764f9ecaa067032f53db5ed67b0fff95985958a966100b97c0d583

    • SHA512

      1d55477dfb7299aa68d06247f8f3a5d4e03fe7ec65c65feaef29ebc1d8d166da5f98643806e00f9724d6d4de7fd6ee538441233a6618e0345901c21d7d378f39

    • SSDEEP

      1536:dYB9gMUl+4lSKkmsNL9Q0pgq/t9TelB/AVE:KBeMUl+4EKkmsdpxtVgb

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key under the local machine's Active Setup (HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components); the StubPath command of a component runs at each user's next logon if that user has not yet recorded the component's version.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
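The Active Setup behaviour above is something an incident responder checks for on a suspected host. The script below is an added example, not part of the sandbox report or of any tool it names: it parses a registry export (the .reg text format produced by `reg export`), pulls every StubPath under the Installed Components key, and flags stubs that point into user-writable locations. The .reg text is constructed for the example, the flagged path `C:\Users\Public\update.exe` is hypothetical, and the "user-writable location" heuristic is the example's own assumption; it does not claim to reproduce what this sample writes.

```python
"""Hunt for Active Setup persistence in a .reg export.

Added example, not part of the sandbox report. The export text and the
suspicious path are constructed for illustration; the location heuristic
is an assumption, not a rule from the report.
"""
import re

# Substring that identifies the Active Setup component key (HKLM or HKCU).
ACTIVE_SETUP_KEY = "\\software\\microsoft\\active setup\\installed components\\"
# Assumption: a StubPath that runs from a user-writable tree is worth a look.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\appdata\\", "\\temp\\", "\\tmp\\")

# Constructed export: one Windows-style entry (hex(2) = REG_EXPAND_SZ, split
# across lines as reg export does) and one hypothetical malicious entry.
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
@="Microsoft Windows Media Player"
"StubPath"=hex(2):75,00,6e,00,72,00,65,00,67,00,6d,00,70,00,\
  32,00,2e,00,65,00,78,00,65,00,00,00
"IsInstalled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0f3b4a6c-1a2b-4c3d-9e8f-000000000001}]
@="Updater"
"StubPath"="C:\\Users\\Public\\update.exe /silent"
"IsInstalled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Unrelated]
"StubPath"="C:\\Users\\Public\\not-active-setup.exe"
"""


def _unescape(s: str) -> str:
    """Undo .reg string escaping (backslash and double quote)."""
    return s.replace('\\\\', '\\').replace('\\"', '"')


def decode_reg_value(raw: str):
    """Decode a quoted string, a dword, or a hex(2) UTF-16LE string; else None."""
    raw = raw.strip()
    if raw.startswith('"') and raw.endswith('"'):
        return _unescape(raw[1:-1])
    m = re.match(r"dword:([0-9a-f]{1,8})$", raw, re.I)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"hex\(2\):(.*)", raw, re.I)
    if m:
        data = bytes(int(b, 16) for b in m.group(1).split(",") if b.strip())
        return data.decode("utf-16-le").rstrip("\x00")
    return None


def parse_reg_export(text: str) -> dict:
    """Map each key path to {value_name: decoded_value}, joining continued lines."""
    keys, current, pending = {}, None, None   # pending = (name, partial raw value)
    for line in text.splitlines():
        line = line.strip()
        if pending is not None:
            name, partial = pending
            partial += line.rstrip("\\")
            pending = (name, partial) if line.endswith("\\") else None
            if pending is None:
                keys[current][name] = decode_reg_value(partial)
            continue
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
            continue
        if current is None or "=" not in line:
            continue
        name_part, value_part = line.split("=", 1)
        name = "(Default)" if name_part == "@" else _unescape(name_part.strip('"'))
        if value_part.endswith("\\"):
            pending = (name, value_part.rstrip("\\"))
        else:
            keys[current][name] = decode_reg_value(value_part)
    return keys


def stub_path_is_suspicious(stub: str) -> bool:
    """Heuristic (assumption): flag stubs launched from user-writable trees."""
    s = stub.lower()
    return any(marker in s for marker in USER_WRITABLE)


def find_active_setup_stubs(keys: dict) -> list:
    """Return one finding per Installed Components key that carries a StubPath."""
    findings = []
    for path, values in keys.items():
        stub = values.get("StubPath")
        if ACTIVE_SETUP_KEY not in path.lower() or not stub:
            continue
        findings.append({
            "key": path,
            "component": path.rsplit("\\", 1)[-1],
            "stub_path": stub,
            "is_installed": values.get("IsInstalled"),
            "suspicious": stub_path_is_suspicious(stub),
        })
    return findings


if __name__ == "__main__":
    for f in find_active_setup_stubs(parse_reg_export(SAMPLE_REG_EXPORT)):
        flag = "SUSPICIOUS" if f["suspicious"] else "ok"
        print(f"[{flag}] {f['component']} IsInstalled={f['is_installed']} -> {f['stub_path']}")
```

On a live host, export the key with `reg export "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" out.reg` and feed the file's text to `parse_reg_export`; a StubPath outside the Windows directory, or a component GUID that does not appear on a clean reference build, is the item to pivot on.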

MITRE ATT&CK Enterprise v15

Tasks