General

  • Target

    2504ae284627bb65f3d2c32ba7d09f9d6f379eaa85a1712cb3a7cb66baf6a4fa.exe

  • Size

    813KB

  • Sample

    241206-mqnh3atkaw

  • MD5

    0526616c9a9fdaadbb1cb7de145cf45b

  • SHA1

    039f2c096d17540376434b4fd48038329b256e03

  • SHA256

    2504ae284627bb65f3d2c32ba7d09f9d6f379eaa85a1712cb3a7cb66baf6a4fa

  • SHA512

    4426fc30be5f3fa28076a14d0739d0f7d84be191d2a579e8e5cd2e2f4c35249ae9222bcbe5f4f03373232e3a8907444cdfdbf995e666f10d477b0119bfb566f5

  • SSDEEP

    24576:GT5ewakMlLQj9cFbRtjD6seSE94Zqq5uIum9u:Ub9ajDVum9u

Malware Config

Targets

    • Target

      2504ae284627bb65f3d2c32ba7d09f9d6f379eaa85a1712cb3a7cb66baf6a4fa.exe

    • Guloader family

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Loads dropped DLL

    • Adds Run key to start application

    • Blocklisted process makes network request

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.
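
Of the signatures listed above, "UPX packed file" is the one most easily reproduced offline from the file alone. The Python below is an added example, not code from the sandbox or from this report: using only the standard library it walks the PE section table and flags UPX-style section names, a runtime-filled section with virtual size but no raw data (the layout of UPX0), and raw sections whose Shannon entropy points to compressed or encrypted content. The PE images it inspects are constructed inline for the demonstration and are not the sample hashed above; the 7.0-bit entropy threshold and the 256-byte minimum section size are assumptions chosen to keep tiny sections from triggering.

```python
"""Heuristic reproduction of a 'UPX packed file' signature.
Parses IMAGE_SECTION_HEADER entries from a PE image held in memory and
reports UPX indicators. Pure stdlib; sample PEs are constructed inline."""
import math
import random
import struct
from typing import Dict, List, Tuple

SECTION_HDR = struct.Struct("<8sIIIIIIHHI")   # IMAGE_SECTION_HEADER, 40 bytes
UPX_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX!", b".UPX0", b".UPX1"}
ENTROPY_THRESHOLD = 7.0    # assumption: bits/byte above which a section looks packed
MIN_RAW_FOR_ENTROPY = 256  # assumption: ignore tiny sections where entropy is noisy


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte (0.0 .. 8.0); 0.0 for empty input."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes) -> List[Dict]:
    """DOS header -> e_lfanew -> 'PE\\0\\0' -> COFF header -> section table."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    nsections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + opt_size  # section table follows the optional header
    sections = []
    for i in range(nsections):
        name, vsize, _va, rawsize, rawptr, *_ = SECTION_HDR.unpack_from(
            pe, table + i * SECTION_HDR.size)
        raw = pe[rawptr:rawptr + rawsize] if rawsize else b""
        sections.append({"name": name.rstrip(b"\0"), "virtual_size": vsize,
                         "raw_size": rawsize, "entropy": shannon_entropy(raw)})
    return sections


def upx_indicators(sections: List[Dict]) -> List[str]:
    """Return human-readable reasons the section layout looks UPX-packed."""
    reasons = []
    hits = {s["name"] for s in sections} & UPX_NAMES
    if hits:
        reasons.append("UPX section names: " + ", ".join(sorted(h.decode() for h in hits)))
    for s in sections:
        label = s["name"].decode(errors="replace")
        # UPX0 is an empty placeholder the stub decompresses into at runtime.
        if s["raw_size"] == 0 and s["virtual_size"] > 0:
            reasons.append(f"{label}: no raw data but {s['virtual_size']:#x} bytes virtual")
        if s["raw_size"] >= MIN_RAW_FOR_ENTROPY and s["entropy"] > ENTROPY_THRESHOLD:
            reasons.append(f"{label}: entropy {s['entropy']:.2f} bits/byte (compressed/encrypted)")
    return reasons


def build_sample_pe(specs: List[Tuple[bytes, bytes, int]]) -> bytes:
    """Construct a minimal PE with (name, raw_bytes, virtual_size) sections.
    Constructed test input only; no optional header, so it is not loadable."""
    nsec, e_lfanew, opt_size = len(specs), 0x40, 0
    table_off = e_lfanew + 4 + 20 + opt_size
    raw_off = (table_off + nsec * SECTION_HDR.size + 0x1FF) & ~0x1FF  # 512-byte file alignment
    headers, blobs, va = b"", b"", 0x1000
    for name, raw, vsize in specs:
        ptr = raw_off + len(blobs) if raw else 0
        headers += SECTION_HDR.pack(name.ljust(8, b"\0"), vsize, va, len(raw), ptr,
                                    0, 0, 0, 0, 0x60000020)
        blobs += raw
        va += max(vsize, len(raw), 0x1000)
    dos = (b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, nsec, 0, 0, 0, opt_size, 0x102)
    return (dos + coff + headers).ljust(raw_off, b"\0") + blobs


# Constructed inputs: deterministic pseudo-random bytes stand in for compressed data.
_rng = random.Random(7)
PACKED_PE = build_sample_pe([
    (b"UPX0", b"", 0x20000),                                    # empty, filled at runtime
    (b"UPX1", bytes(_rng.getrandbits(8) for _ in range(4096)), 0x2000),
    (b".rsrc", b"\0" * 512, 512),
])
BENIGN_PE = build_sample_pe([
    (b".text", b"\x90" * 2048, 2048),
    (b".data", b"\0" * 512, 512),
])


def scan(pe: bytes) -> List[str]:
    """Convenience wrapper: parse and evaluate in one call."""
    return upx_indicators(parse_sections(pe))


if __name__ == "__main__":
    for tag, image in (("packed", PACKED_PE), ("benign", BENIGN_PE)):
        print(tag, "->", scan(image) or ["no UPX indicators"])
```

Section names are the weakest of the three signals: repacking with a renamed stub or a modified UPX build keeps the two structural tells (a raw-size-zero section with a large virtual size, followed by a high-entropy section) while defeating the name check, which is why the signature text on this page says "UPX/modified UPX" and why a scanner should report all three rather than stop at the first match.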

MITRE ATT&CK Enterprise v15

Tasks