General
Target: 22112024_1151_New listed items 7648767856387547354734567465647568487.rar
Size: 470KB
Sample: 241122-n1nr9azna1
MD5: 9755da8c1a74116aade0d12f3f0d8c63
SHA1: 209e5ffdef75302a199bdf5cbfc8f2d8a5404e7d
SHA256: a1f46331cdac999f3062c11a5cc2a0b25e36643209cfe09284740888f315bdba
SHA512: 1e6f83d5f76d107af64d21ea99bea83b8b50ae87a8a5df815eb0d16d2b073a7976cd5bc71b05a1ac878f02002e82841fbd3483d632de146bf18324c28026e0e5
SSDEEP: 12288:qnfZNNIb5GkqR8ixKniaTB9CzPG0gWtlR5LgEr3yIDt:qnfdIbUdhxKiaTB9CzOxW//dtJ
Static task: static1

Behavioral task: behavioral1
  Sample: New listed items 7648767856387547354734567465647568487.exe
  Resource: win7-20240903-en

Behavioral task: behavioral2
  Sample: New listed items 7648767856387547354734567465647568487.exe
  Resource: win10v2004-20241007-en

Behavioral task: behavioral3
  Sample: $PLUGINSDIR/System.dll
  Resource: win7-20240903-en

Behavioral task: behavioral4
  Sample: $PLUGINSDIR/System.dll
  Resource: win10v2004-20241007-en
Malware Config

Targets

Target: New listed items 7648767856387547354734567465647568487.exe
Size: 555KB
MD5: 0eba80cec1f68f8607f19003175a78e1
SHA1: bd9f024f05b94728ee7068afee6f09517eb0142c
SHA256: a314052757f5824102f68e016d0fb5c17f273a9a540a61be4fecf2c15f256324
SHA512: 1a6f722a533315a6cf237b4bd20210660e8b057a677c68dbfa43900cd49d28c9f28ec570be8da964e8d93b7e91d650854c59798093740830db56b940c80a747a
SSDEEP: 12288:32EIVQzs1onZpdAZOTXJb+xNWYo5oetAaSTgcqNmd3ZhZX:3wwsOnZAOJ4NWYlxTgbNmdPZX

- Guloader family
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext

Target: $PLUGINSDIR/System.dll
Size: 11KB
MD5: 75ed96254fbf894e42058062b4b4f0d1
SHA1: 996503f1383b49021eb3427bc28d13b5bbd11977
SHA256: a632d74332b3f08f834c732a103dafeb09a540823a2217ca7f49159755e8f1d7
SHA512: 58174896db81d481947b8745dafe3a02c150f3938bb4543256e8cce1145154e016d481df9fe68dac6d48407c62cbe20753320ebd5fe5e84806d07ce78e0eb0c4
SSDEEP: 192:X24sihno0bW+l97H4GB7QDs91kMtwtobTr4u+QHbazMNHT7dmNIEr:m8vJl97JeoxtN/r3z7YV
Score: 3/10

MITRE ATT&CK Enterprise v15

Privilege Escalation
  Boot or Logon Autostart Execution: 1
    Registry Run Keys / Startup Folder: 1

Credential Access
  Credentials from Password Stores: 1
    Credentials from Web Browsers: 1
  Unsecured Credentials: 2
    Credentials In Files: 1
    Credentials in Registry: 1