General

  • Target

    ARAH BME SDN BHD INV STATEMENT.exe

  • Size

    658KB

  • Sample

    241224-blws4axpfr

  • MD5

    031bc337fabe49aac9c372f16825354c

  • SHA1

    7abb57546b33f2c3f91b2cc182186b0ed21b9544

  • SHA256

    8450066748c90f306e28dee0fd262b9b1b8ed05ef40a8ee07b37bc6d0ce16764

  • SHA512

    6fadb85a17597377a3a0c7c5ccb3d376412281be0ee166a0726fbf0ca18e2336002ca1adcb0822f360cda67661c5a6d5464e47aa1ebe3432ff8f5110bc5f13e7

  • SSDEEP

    12288:wYBmXiWKdcnBhdTjjnVc6TYIg742KaB4X+IOylpnSw:wYMyDeVfBcRIg74a48yh

Malware Config

Targets

    • Target

      ARAH BME SDN BHD INV STATEMENT.exe

    • Size

      658KB

    • MD5

      031bc337fabe49aac9c372f16825354c

    • SHA1

      7abb57546b33f2c3f91b2cc182186b0ed21b9544

    • SHA256

      8450066748c90f306e28dee0fd262b9b1b8ed05ef40a8ee07b37bc6d0ce16764

    • SHA512

      6fadb85a17597377a3a0c7c5ccb3d376412281be0ee166a0726fbf0ca18e2336002ca1adcb0822f360cda67661c5a6d5464e47aa1ebe3432ff8f5110bc5f13e7

    • SSDEEP

      12288:wYBmXiWKdcnBhdTjjnVc6TYIg742KaB4X+IOylpnSw:wYMyDeVfBcRIg74a48yh

    • Guloader family

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      cff85c549d536f651d4fb8387f1976f2

    • SHA1

      d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

    • SHA256

      8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

    • SHA512

      531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

    • SSDEEP

      192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr

    • Score

      3/10

MITRE ATT&CK Enterprise v15

Tasks