Overview

overview

10

Static

static

3

INVOICE Med‮fdp.exe

windows7-x64

10

INVOICE Med‮fdp.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    INVOICE Med‮fdp.exe

  • Size

    1.3MB

  • Sample

    241202-tfxgjs1lct

  • MD5

    fdc3131b4d815e4ad668ede8d1253121

  • SHA1

    de9d862086de79cceae300e7f9d16cb7bef2f72f

  • SHA256

    1ed594cf043e2d668b317b459f232dc4fbe9d487b292a3d31af01d47ff8f6940

  • SHA512

    4d3bd6c106d6853f3a971233bf77f351ddbedf41f1dc3fcd4969a6b63aa0d1c3a8fa40b4c0e54222675de4852b7f0122771b2e02501d0bc2432a2a59b57b4f15

  • SSDEEP

    24576:UuDXTIGaPhEYzUzA0qr7lMaLBsw6oi0WO8K1/bMoyKoB10nv7gl:zDjlabwz9A1sw6oi0UeMoyjB10nDgl

Score
10/10
guloaderdiscoverydownloader

Malware Config

Targets

    • Target

      INVOICE Med‮fdp.exe

    • Size

      1.3MB

    • MD5

      fdc3131b4d815e4ad668ede8d1253121

    • SHA1

      de9d862086de79cceae300e7f9d16cb7bef2f72f

    • SHA256

      1ed594cf043e2d668b317b459f232dc4fbe9d487b292a3d31af01d47ff8f6940

    • SHA512

      4d3bd6c106d6853f3a971233bf77f351ddbedf41f1dc3fcd4969a6b63aa0d1c3a8fa40b4c0e54222675de4852b7f0122771b2e02501d0bc2432a2a59b57b4f15

    • SSDEEP

      24576:UuDXTIGaPhEYzUzA0qr7lMaLBsw6oi0WO8K1/bMoyKoB10nv7gl:zDjlabwz9A1sw6oi0UeMoyjB10nDgl

    Score
    10/10
    guloaderdiscoverydownloader

    • Guloader family

      guloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks