General

  • Target

    2fae0d8ced77e402210070aeac334a00d630e5d9afaf759e92220a43e4647aa9.exe

  • Size

    1.1MB

  • Sample

    250111-dajqhaspfj

  • MD5

    973938878b8829539ece59580fa38d52

  • SHA1

    f17a983c816cc780138c32ccd8539d45aa90f17b

  • SHA256

    2fae0d8ced77e402210070aeac334a00d630e5d9afaf759e92220a43e4647aa9

  • SHA512

    6a75b87931446c517e9e374da662253596f17999cb87bb7dbaeb25b688027ce6812608fb55984e60826767ff5e73331ae06b37bf5a7325252353858a96529844

  • SSDEEP

    24576:AS8Rx51eg82JyXV2GFhq8oOQxdVo18vBtpPibY1:ezCOsl2GFhWOQxdGctwI
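The hashes above are the report's file identifiers. The following is an added example (not part of the sandbox report) that computes all four digests in one pass over a local file and compares them with the report's values; it assumes only the Python standard library, deliberately leaves out ssdeep (third-party module, and fuzzy hashes are scored rather than compared for equality), and copies the MD5, SHA1 and SHA256 of both files named on this page.

```python
"""Check a local file against the hashes listed in the sandbox report.

Added example, not from the report. Uses only the standard library; ssdeep
is omitted because fuzzy hashes are scored, not matched for equality.
"""
import hashlib
from pathlib import Path
from typing import Dict, Iterable, List, Tuple

ALGOS = ("md5", "sha1", "sha256", "sha512")

# MD5/SHA1/SHA256 copied from the report for the sample and the dropped file.
REPORT_HASHES: Dict[str, Dict[str, str]] = {
    "2fae0d8ced77e402210070aeac334a00d630e5d9afaf759e92220a43e4647aa9.exe": {
        "md5": "973938878b8829539ece59580fa38d52",
        "sha1": "f17a983c816cc780138c32ccd8539d45aa90f17b",
        "sha256": "2fae0d8ced77e402210070aeac334a00d630e5d9afaf759e92220a43e4647aa9",
    },
    "Bredsvaerd.Cop": {
        "md5": "c556c0c8c2ec04a75e7c7c3a2f97129f",
        "sha1": "bd35a6371a4550ce15dd53928da6cc7b4ad008c1",
        "sha256": "a45adf7a90cba3399fa70a4730d308b1fce47367c81a7f379f3b45d5eb2f4475",
    },
}


def digest_chunks(chunks: Iterable[bytes]) -> Dict[str, str]:
    """One pass over the data; every hasher is fed the same chunk."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data: bytes) -> Dict[str, str]:
    return digest_chunks([data])


def digest_file(path: Path, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Stream the file so a large sample is not read into memory at once."""
    with path.open("rb") as fh:
        return digest_chunks(iter(lambda: fh.read(chunk_size), b""))


def match_report(digests: Dict[str, str],
                 table: Dict[str, Dict[str, str]] = REPORT_HASHES
                 ) -> List[Tuple[str, List[str]]]:
    """Return (sample name, algorithms that agree) for each report entry
    sharing at least one digest with the file. All listed algorithms
    agreeing identifies the sample; a partial match (say MD5 only) points
    to a transcription error or a deliberately colliding file and needs a
    second look rather than a verdict."""
    out: List[Tuple[str, List[str]]] = []
    for name, expected in table.items():
        agree = [a for a in ALGOS if a in expected and expected[a] == digests.get(a)]
        if agree:
            out.append((name, agree))
    return out


if __name__ == "__main__":
    import sys
    for arg in sys.argv[1:]:
        d = digest_file(Path(arg))
        print(arg, d["sha256"], match_report(d) or "no match")
```

Run it as `python check_hashes.py <file>`; a result of `no match` on a file you believed to be this sample is worth as much as a match, since it means you are looking at a different build.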

Malware Config

Targets

    • Target

      2fae0d8ced77e402210070aeac334a00d630e5d9afaf759e92220a43e4647aa9.exe

    • Size

      1.1MB

    • MD5

      973938878b8829539ece59580fa38d52

    • SHA1

      f17a983c816cc780138c32ccd8539d45aa90f17b

    • SHA256

      2fae0d8ced77e402210070aeac334a00d630e5d9afaf759e92220a43e4647aa9

    • SHA512

      6a75b87931446c517e9e374da662253596f17999cb87bb7dbaeb25b688027ce6812608fb55984e60826767ff5e73331ae06b37bf5a7325252353858a96529844

    • SSDEEP

      24576:AS8Rx51eg82JyXV2GFhq8oOQxdVo18vBtpPibY1:ezCOsl2GFhWOQxdGctwI

    • Guloader family

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      Bredsvaerd.Cop

    • Size

      53KB

    • MD5

      c556c0c8c2ec04a75e7c7c3a2f97129f

    • SHA1

      bd35a6371a4550ce15dd53928da6cc7b4ad008c1

    • SHA256

      a45adf7a90cba3399fa70a4730d308b1fce47367c81a7f379f3b45d5eb2f4475

    • SHA512

      b19b59a22651fd889f04ec40a625aef213dba51ea0a8ec2ba24f40f87589ed013ffdb4432d0dd3cc90287e9a73cba52114849542617c376ce5fcfc5cedfec8ec

    • SSDEEP

      768:tjSc3aZguzsPXToIx+pUOugyGKxggqY/L078BxQE+++FoMoNGmxLenLYuI9jzgAd:xj3aZXwXT+OhByvcjNGmdeL+yAQI6+

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a registry key under the local machine's Active Setup Installed Components; the StubPath value of such a key is executed at the next user logon.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
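The signatures above describe what the sandbox observed; a responder wants them as rules over endpoint telemetry. The block below is an added example (not from the sandbox report or any vendor rule set) that expresses four of them against Sysmon-style events: hidden-window PowerShell, a file dropped into System32, a DLL loaded from a user-writable path, and an Active Setup StubPath write. The events are constructed to resemble Sysmon fields (EventID 1 process create, 7 image load, 11 file create, 13 registry value set); the paths, the GUID, the file names and the command line are invented for illustration. The NtSetInformationThreadHideFromDebugger and drive-enumeration signatures are API-level behaviour that this telemetry does not carry, so they get no rule here.

```python
"""Sysmon-style rules for the behaviour signatures in the sandbox report.

Added example, not part of the report. Event field names follow Sysmon;
all values are constructed for illustration.
"""
import re
from typing import Callable, Dict, List, Tuple

Event = Dict[str, str]
Rule = Tuple[str, str, Callable[[Event], bool]]  # (name, ATT&CK id or "", predicate)

# Hypothetical on-disk location of the sample.
SAMPLE = ("C:\\Users\\victim\\Downloads\\"
          "2fae0d8ced77e402210070aeac334a00d630e5d9afaf759e92220a43e4647aa9.exe")

# -w hidden, -win hidden and -WindowStyle Hidden are all accepted by powershell.exe.
HIDDEN_WINDOW = re.compile(r"(^|\s)-w\w*\s+hidden\b", re.I)
ACTIVE_SETUP_STUBPATH = re.compile(
    r"\\software\\microsoft\\active setup\\installed components\\[^\\]+\\stubpath$", re.I)
# Minimal allowlist of legitimate System32 writers; extend per environment.
TRUSTED_SYSTEM32_WRITERS = {"c:\\windows\\servicing\\trustedinstaller.exe"}


def is_powershell(image: str) -> bool:
    return image.lower().endswith(("\\powershell.exe", "\\pwsh.exe"))


def user_writable(path: str) -> bool:
    p = path.lower()
    return p.startswith(("c:\\users\\", "c:\\programdata\\")) or "\\temp\\" in p


RULES: List[Rule] = [
    ("hidden_powershell", "T1059.001",
     lambda e: (e["EventID"] == "1" and is_powershell(e.get("Image", ""))
                and HIDDEN_WINDOW.search(e.get("CommandLine", "")) is not None)),
    ("system32_drop", "",
     lambda e: (e["EventID"] == "11"
                and e.get("TargetFilename", "").lower().startswith("c:\\windows\\system32\\")
                and e.get("Image", "").lower() not in TRUSTED_SYSTEM32_WRITERS)),
    ("dropped_dll_load", "",
     lambda e: (e["EventID"] == "7" and e.get("ImageLoaded", "").lower().endswith(".dll")
                and user_writable(e.get("ImageLoaded", "")))),
    ("active_setup_stubpath", "T1547.014",
     lambda e: (e["EventID"] in ("12", "13")
                and ACTIVE_SETUP_STUBPATH.search(e.get("TargetObject", "")) is not None)),
]


def evaluate(events: List[Event]) -> List[Tuple[int, str, str]]:
    """Return (event index, rule name, ATT&CK id) for every rule that fires."""
    return [(i, name, tech) for i, e in enumerate(events)
            for name, tech, pred in RULES if pred(e)]


def fired(events: List[Event]) -> List[str]:
    return sorted({name for _, name, _ in evaluate(events)})


# Constructed events: four mirroring the report's signatures, then two benign ones.
EVENTS: List[Event] = [
    {"EventID": "1", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "ParentImage": SAMPLE,
     "CommandLine": "powershell.exe -NoProfile -WindowStyle Hidden -ExecutionPolicy Bypass -Command ..."},
    {"EventID": "11", "Image": SAMPLE,
     "TargetFilename": "C:\\Windows\\System32\\dropped.tmp"},  # hypothetical name
    {"EventID": "7", "Image": SAMPLE,
     "ImageLoaded": "C:\\Users\\victim\\AppData\\Local\\Temp\\stage.dll"},  # hypothetical name
    {"EventID": "13", "Image": SAMPLE,
     "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\"
                     "{00000000-0000-0000-0000-000000000000}\\StubPath",  # hypothetical GUID
     "Details": "C:\\Users\\victim\\AppData\\Roaming\\update.exe"},
    {"EventID": "1", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "ParentImage": "C:\\Windows\\explorer.exe", "CommandLine": "powershell.exe -NoProfile"},
    {"EventID": "11", "Image": "C:\\Windows\\servicing\\TrustedInstaller.exe",
     "TargetFilename": "C:\\Windows\\System32\\ntdll.dll"},
]

if __name__ == "__main__":
    for idx, name, tech in evaluate(EVENTS):
        print(f"event {idx}: {name} {tech or '(no direct ATT&CK mapping)'}")
```

The two benign events show the allowlist and the hidden-window check doing their job: interactive PowerShell from explorer.exe and a TrustedInstaller write into System32 produce no hit. The dropped-DLL rule keys on load path alone, so in a real deployment it should be joined to the file-create event that placed the DLL there (same host, earlier timestamp) to cut noise from legitimately installed per-user software.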

MITRE ATT&CK Enterprise v15
