General
-
Target
307b13c2f8002e88af027d2c549936d08a47d1e3bfa96174d0b5b6cc749f7c3d.exe
-
Size
668KB
-
Sample
250214-c678asyrbk
-
MD5
bbde90d159fa822e342aab15eb33b839
-
SHA1
57386d4b07b978892afce671e674581e300c4593
-
SHA256
307b13c2f8002e88af027d2c549936d08a47d1e3bfa96174d0b5b6cc749f7c3d
-
SHA512
c548f31ca9150e509761338f87edba9fa85dced7afcd2c7e8209feb48ceaf4397b3627c36dbfae5e01cf2faed45e056824cd746bc125b29e4a6de75e2bd3f45b
-
SSDEEP
12288:hDG4hAuAs9Mp4wSjEL0K5dmMiP1FuCdhq2PtqBA3O:t2nsGej65P2F9Vd+
Malware Config
Targets
-
-
Target
307b13c2f8002e88af027d2c549936d08a47d1e3bfa96174d0b5b6cc749f7c3d.exe
-
Size
668KB
-
MD5
bbde90d159fa822e342aab15eb33b839
-
SHA1
57386d4b07b978892afce671e674581e300c4593
-
SHA256
307b13c2f8002e88af027d2c549936d08a47d1e3bfa96174d0b5b6cc749f7c3d
-
SHA512
c548f31ca9150e509761338f87edba9fa85dced7afcd2c7e8209feb48ceaf4397b3627c36dbfae5e01cf2faed45e056824cd746bc125b29e4a6de75e2bd3f45b
-
SSDEEP
12288:hDG4hAuAs9Mp4wSjEL0K5dmMiP1FuCdhq2PtqBA3O:t2nsGej65P2F9Vd+
Score10/10-
Guloader family
-
Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
ee260c45e97b62a5e42f17460d406068
-
SHA1
df35f6300a03c4d3d3bd69752574426296b78695
-
SHA256
e94a1f7bcd7e0d532b660d0af468eb3321536c3efdca265e61f9ec174b1aef27
-
SHA512
a98f350d17c9057f33e5847462a87d59cbf2aaeda7f6299b0d49bb455e484ce4660c12d2eb8c4a0d21df523e729222bbd6c820bf25b081bc7478152515b414b3
-
SSDEEP
192:eF24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35Ol9Sl:h8QIl975eXqlWBrz7YLOl9
Score8/10-
Downloads MZ/PE file
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
2