General

  • Target

    ARAH%20BME%20SDN%20BHD%20INV%20STATEMENT.zip

  • Size

    634KB

  • Sample

    241224-ahy9dawlcy

  • MD5

    c9936b02187f484ce22f89470f80cdeb

  • SHA1

    8d97f4b6f142d623173ed6bbb02b27d6fdb60a7f

  • SHA256

    bf64141d69992e8ea43fad5e54127333c0f0613b193c43db36035c8cffdeecde

  • SHA512

    31292c430a3b495584ca52c8197e1c7d628c9f478d98eae46ea46a4d949a5ca3591492b82c8c10585d9cd6e10cb89758d83d5a17954084ab07ef9780867c5f44

  • SSDEEP

    12288:eZauYlUlJ7BB+5XsWg0L1LWphIKJYg+1I//CzIrUOGlGGVqnPxniyiQLRXXm:iaJOlp+dHxL6IKZ/0yUOGlF8i+dnm

Malware Config

Targets

    • Target

      ARAH%20BME%20SDN%20BHD%20INV%20STATEMENT.zip

    • Size

      634KB

    • MD5

      c9936b02187f484ce22f89470f80cdeb

    • SHA1

      8d97f4b6f142d623173ed6bbb02b27d6fdb60a7f

    • SHA256

      bf64141d69992e8ea43fad5e54127333c0f0613b193c43db36035c8cffdeecde

    • SHA512

      31292c430a3b495584ca52c8197e1c7d628c9f478d98eae46ea46a4d949a5ca3591492b82c8c10585d9cd6e10cb89758d83d5a17954084ab07ef9780867c5f44

    • SSDEEP

      12288:eZauYlUlJ7BB+5XsWg0L1LWphIKJYg+1I//CzIrUOGlGGVqnPxniyiQLRXXm:iaJOlp+dHxL6IKZ/0yUOGlF8i+dnm

    • Guloader family

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks