General
-
Target
a3c3fcc02a6ad19d388304f15f2b9661f46a24c2151e9e725db514e8a69c8f6a.exe
-
Size
624KB
-
Sample
241205-txyqyaylhj
-
MD5
f08d6545c74d5a429d8225885b81f55a
-
SHA1
f95b76f2d791105cd9c942c704fbf223d27892ad
-
SHA256
a3c3fcc02a6ad19d388304f15f2b9661f46a24c2151e9e725db514e8a69c8f6a
-
SHA512
325f87497a9994b4213eb14bde7e62aa586644a6eba0ef3323a095e4f1d4f43547e6f1363079df165a2c2ec39853ce22d4617eaa05676bd61ec745d852e92fc6
-
SSDEEP
12288:B/tGh4HqBbV0/tQv6o1xMKZoRmpfSJ9OI1rbIAPxEq:BQhW9/66mMK2kpaJdbpPxX
Malware Config
Targets
-
-
Target
a3c3fcc02a6ad19d388304f15f2b9661f46a24c2151e9e725db514e8a69c8f6a.exe
-
Size
624KB
-
MD5
f08d6545c74d5a429d8225885b81f55a
-
SHA1
f95b76f2d791105cd9c942c704fbf223d27892ad
-
SHA256
a3c3fcc02a6ad19d388304f15f2b9661f46a24c2151e9e725db514e8a69c8f6a
-
SHA512
325f87497a9994b4213eb14bde7e62aa586644a6eba0ef3323a095e4f1d4f43547e6f1363079df165a2c2ec39853ce22d4617eaa05676bd61ec745d852e92fc6
-
SSDEEP
12288:B/tGh4HqBbV0/tQv6o1xMKZoRmpfSJ9OI1rbIAPxEq:BQhW9/66mMK2kpaJdbpPxX
Score10/10-
Guloader family
-
Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
-
Command and Scripting Interpreter: PowerShell
Run Powershell and hide display window.
-
Blocklisted process makes network request
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
$_12_/Crystalizer.Syn
-
Size
53KB
-
MD5
b6a2296e8b10cd624e538e4d115344d2
-
SHA1
a121b8415406491326ff8a15af93fc8b6c1657d9
-
SHA256
13b35482d6f13a556d05c3eb00235ccc32138ae94f7d3fe3917081c35adc7925
-
SHA512
ad216d5308e80a366f6c28ec7a676b187971199c4d8c15b1b7511528c78768d588fb445f86ea2520e930f018bb9b51153b2bd9f39951ff04118e2e68e8634815
-
SSDEEP
768:wb1O/6RzqkLJTDPIXnSKNAN/4cApjyXywI+d55HNMdaTxZMaEugsLpgDfK/97cFI:wA/6TVPUnSkKgc8yiwT7HhVZMDeaEH
Score8/10-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-