General

  • Target

    be0fbc1afbc35ae095067c50dbd7cbc61451663c3d9821377bb15febcdfbcf50.exe

  • Size

    669KB

  • Sample

    250111-fmryravnft

  • MD5

    cdde73a8f16b1279010f660e5ab67903

  • SHA1

    9257099b42e772eed82b5e488d44fe7422a8c43d

  • SHA256

    be0fbc1afbc35ae095067c50dbd7cbc61451663c3d9821377bb15febcdfbcf50

  • SHA512

    c99a18aafa31dd36c3884d65b67116eeadcd4f3c629ad75ec4733c48af2666c46ff99cb5a3dfe9632f8ae27960fc335b3a95314b2a819597f717f8be9b3cee7f

  • SSDEEP

    12288:Y2QJ9o2sW3B9o2G2/6SkwBUuUGL75w03eB9iDyZ/oDck6qlVhyWjX53XObV:Yv9o2sW3B9oV2iSkwBUuV7+3B9ifrlVY

Malware Config

Targets

    • Target

      be0fbc1afbc35ae095067c50dbd7cbc61451663c3d9821377bb15febcdfbcf50.exe

    • Size

      669KB

    • MD5

      cdde73a8f16b1279010f660e5ab67903

    • SHA1

      9257099b42e772eed82b5e488d44fe7422a8c43d

    • SHA256

      be0fbc1afbc35ae095067c50dbd7cbc61451663c3d9821377bb15febcdfbcf50

    • SHA512

      c99a18aafa31dd36c3884d65b67116eeadcd4f3c629ad75ec4733c48af2666c46ff99cb5a3dfe9632f8ae27960fc335b3a95314b2a819597f717f8be9b3cee7f

    • SSDEEP

      12288:Y2QJ9o2sW3B9o2G2/6SkwBUuUGL75w03eB9iDyZ/oDck6qlVhyWjX53XObV:Yv9o2sW3B9oV2iSkwBUuV7+3B9ifrlVY

    • Guloader family

    • Guloader, Cloudeye

      A shellcode based downloader first seen in 2020.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell and hides the display window.

    • Blocklisted process makes network request

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      Resultatopgrelses186/Sidelbende.Kar

    • Size

      55KB

    • MD5

      57c63a0ab9d88e2b534816f9a1f1dc63

    • SHA1

      a0baa5d70fa61fbbb4c41f76b67a71c5356dbc06

    • SHA256

      501abd115bc94a28b8eda5115ada6c9898f2142ba2d4d751d8e34ed50c59a21c

    • SHA512

      97e311a42c02e6aee32d0d07f5a5fe0781e0dcf5aa71ac6420094134c1d6e2831d76e57a15cd26b9e5032813cadd338101542ddeba74bd991a0f35e378a886be

    • SSDEEP

      1536:oVjo8ExmifsJ7BLrqJQjBKeJXIusH7QDSXzNzFlSQe:EurfszLRjkoY9H7ySXwQe

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks