General

  • Target

    JaffaCakes118_d27835b1982006dd6b5e51c6c3887ac1

  • Size

    76KB

  • Sample

    250109-z1gjqatkep

  • MD5

    d27835b1982006dd6b5e51c6c3887ac1

  • SHA1

    477bb00ca1e2f3b5771ddc39f4213e5565b97295

  • SHA256

    106687482c193e1bd6ac34f13fc1f0595fccf7abcb8e9b4847ec9634fc8babf0

  • SHA512

    c62350623f9a3746541c62cadf8da86d701d41f03ac805f92207833a74526a49606acde41735eaef96be1f169d5ce51ffd9dfbf26f50e25550ed5a2f78cf13f9

  • SSDEEP

    1536:ZfaLvddHHefjpN3AHnvJ6XaHrUis11pwcZOLMc5/5bZj2Fhpi1gbR8N0x0c:8vDHHefrAHnvsaois11bZOYE5ZjuprOQ

Malware Config

Targets

    • Target

      SP-Shipping documents (draft) last revised -10-19-2021 INV-OBL.exe

    • Size

      120KB

    • MD5

      68b5868a0f8dcc5bb355d9e73ac64da0

    • SHA1

      57ec2392ba652da55ad489d9354e3c95b2c64b84

    • SHA256

      bb4b01362e9853ff32c6e009a6f72e35196379261e2cf36b1646bf187513667b

    • SHA512

      a91e0e66ebb79db563f596246ad60f69f62188f5038d7e17a634a47f7ec9531bbd5800b4f1d89775c0887bbd59ae4b78ebd2663d49feae3343766e8d43f4d895

    • SSDEEP

      1536:zDk/H7GqGMgiMccSfSfShP+GzcVpDnWz2lO4U/Dk:zYyqGMgiM6fSfSYs6RnWMU/Y

    • Guloader family

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks