General

  • Target: REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe

  • Size: 464KB

  • Sample: 241216-jhjcla1jhx

  • MD5: fd9335d7160883534e42839297a65c7d

  • SHA1: 80cd18a77f7896e06adc5bb4eb544e6c7e5bad5d

  • SHA256: 7fccb9545a51bb6d40e9c78bf9bc51dc2d2a78a27b81bf1c077eaf405cbba6e9

  • SHA512: 18661ad7313f2d366083ac000e48e86bb8c5ec889494ade7488ef7dc81a97adc867753100517d5d86a2e76b283672e1c958811d7f0ffa735388aa88a1cd7dda8

  • SSDEEP: 12288:I5AzzWpSFt+rLm8vGaQ/Zwu7Jj1JK8s5FEeKW:ZzzMSFOLmQGaQ/Zwu7Jj1Jicev

Malware Config

Targets

    • Target: REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe

    • Size: 464KB

    • MD5: fd9335d7160883534e42839297a65c7d

    • SHA1: 80cd18a77f7896e06adc5bb4eb544e6c7e5bad5d

    • SHA256: 7fccb9545a51bb6d40e9c78bf9bc51dc2d2a78a27b81bf1c077eaf405cbba6e9

    • SHA512: 18661ad7313f2d366083ac000e48e86bb8c5ec889494ade7488ef7dc81a97adc867753100517d5d86a2e76b283672e1c958811d7f0ffa735388aa88a1cd7dda8

    • SSDEEP: 12288:I5AzzWpSFt+rLm8vGaQ/Zwu7Jj1JK8s5FEeKW:ZzzMSFOLmQGaQ/Zwu7Jj1Jicev

    • Guloader family

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Disables Task Manager via registry modification

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Accesses Microsoft Outlook profiles

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target: $PLUGINSDIR/System.dll

    • Size: 11KB

    • MD5: ee260c45e97b62a5e42f17460d406068

    • SHA1: df35f6300a03c4d3d3bd69752574426296b78695

    • SHA256: e94a1f7bcd7e0d532b660d0af468eb3321536c3efdca265e61f9ec174b1aef27

    • SHA512: a98f350d17c9057f33e5847462a87d59cbf2aaeda7f6299b0d49bb455e484ce4660c12d2eb8c4a0d21df523e729222bbd6c820bf25b081bc7478152515b414b3

    • SSDEEP: 192:eF24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35Ol9Sl:h8QIl975eXqlWBrz7YLOl9

    Score: 3/10

MITRE ATT&CK Enterprise v15

Tasks
