General
-
Target
0069a4e65eab3691e7edc6c19ef201b3e8ffa791.zip
-
Size
1.0MB
-
Sample
250224-mv59nsxrz4
-
MD5
1d34c86e224e425d81639d930dda2ee1
-
SHA1
0531d2716144725ae5a6dfb3f5f71303ee44c204
-
SHA256
455a2271560a8530038bc1b6fb18ed705717f38df2e6f513e4958c822b7430aa
-
SHA512
651c07c1fe16cd28e1ba48e94874308619348f60c11ba8f8d2433e8b9bd6f88beb3912e34808cb3aa726cd8baca99a08cc49685d62ad0320f803e2036ce1732c
-
SSDEEP
24576:fUD6zCLmieB67kd4ZRkn5VL7VZX0p8we5JQZDVTVQ8q0Adjo5UnP:f1CKEQt5VL7VZEw5yVQytinP
Malware Config
Targets
-
-
Target
Quote-SA05537809567875351061-24_pdf.exe
-
Size
1.1MB
-
MD5
6d1b8cf3d8c8411f6710eab0c6346867
-
SHA1
0aec013b46abde733174c5a5abca01640b33b7cb
-
SHA256
7d18061e683a3e165044a7d5bf52504689bbf240b4982300ebe2e6139b68596d
-
SHA512
46d29dc84e254fc2e87213e520a3632e2d3f2ee5f948e227ed265d1d661b26c9cff63e5220bd55bd8e2a0684a41099d63ec9dcb459c1f84bc8f621bf91f617a8
-
SSDEEP
24576:EQYne7k84uW9gRaFsjq5c3SddFDykNTwdQG9ik:qneo8QgRkl5kSdzDPwZi
Score10/10-
Guloader family
-
Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
-
Loads dropped DLL
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
ee260c45e97b62a5e42f17460d406068
-
SHA1
df35f6300a03c4d3d3bd69752574426296b78695
-
SHA256
e94a1f7bcd7e0d532b660d0af468eb3321536c3efdca265e61f9ec174b1aef27
-
SHA512
a98f350d17c9057f33e5847462a87d59cbf2aaeda7f6299b0d49bb455e484ce4660c12d2eb8c4a0d21df523e729222bbd6c820bf25b081bc7478152515b414b3
-
SSDEEP
192:eF24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35Ol9Sl:h8QIl975eXqlWBrz7YLOl9
Score3/10 -
-
-
Target
Aborning/Opsendelsens23.ini
-
Size
119B
-
MD5
0dfd1d30b78c8021d33b3478901b63b1
-
SHA1
1a868df6500d5fb7d080bfa650155a1bfad26036
-
SHA256
f50a383197fceea05d3d6116c15a9d0d5d37c17bcd2102181f0b38adc9728625
-
SHA512
bec4e688ef9033fc14dc65fef4a643fb5fb1459c1e7c5b8f67ebcc7f6d2ba38f3ad129b10dcc9ad92c489d168218378c9b478b9cea18a6ffd9865f0bfb96ed16
Score1/10 -
-
-
Target
Aborning/Porriwiggle193.jpg
-
Size
24KB
-
MD5
685927894a5dde45206a2b2144bfde32
-
SHA1
21fa068a05ae614b2301a65caf08d98c459fa742
-
SHA256
6204ffd93b3768a153b3f36201869e947e04c6a8d02b635be2f4fa3e6c21c1a9
-
SHA512
05159ffb1ba23a1745a7b559c4271971135fb4df3a2f8fef502e946d001aa02f4d1655826c30c3a6252e1684d30924df484d4b6c3c461991e7614f9aeb304674
-
SSDEEP
384:OdRxiy/l25WYBZlUAJ0W9RanPVRObZgFvtCPvFmi3PQ3CM75B83zDf/ecPjWMe6E:Ol2fBZaAYPVRSZgFvtCPFQ3C64LWWK9r
Score4/10 -
-
-
Target
Aborning/Ramesside/Retransmute/swamies.txt
-
Size
231B
-
MD5
3fda70bcb54a4b3edbc6e3c1ca607e94
-
SHA1
c5e302ff9997b2a464b8e54b5740520eeebd4bc8
-
SHA256
b30674f9e78c183255769c5ae39f04001a26a88edea20eab04c57aa93d6a42fe
-
SHA512
169fb2dcd1e8f7401928c6e2a3a40f6a6253eccdbab1d2ac5b48dc45ec152ecfaf823a53b12517226a9feb808d758f1c4c0c4a4f3b015603b45e94c69911ada4
Score1/10 -
-
-
Target
Aborning/Ramesside/Retransmute/tonsenes.dru
-
Size
5.0MB
-
MD5
c9d4c5528d909fdac0389363a06a4c6b
-
SHA1
b2835ad12458651741a74394b56bb18923608ce1
-
SHA256
2ef96f769ea53fbf25a97d97a05af3289b8a7db0cd9ed050c364da550bcc5007
-
SHA512
a8ae0fe64defce3301bb99d17d6c8ae884d17e10046f297e43a8c5e102badcb8e65b56591ad63a6b96e708a05fff7cde401d733174d8a79751fde6ebf63c0889
-
SSDEEP
24576:gW4li6RmUo17heBnQjkX5LFJQvSa1agpqoJ3BTWRDiqFayndhtetaitBu5YFUlLx:m
Score3/10 -
-
-
Target
Aborning/Ramesside/hundesldens.ind
-
Size
4.6MB
-
MD5
d1783031e8ce5f29e091d2742bfda8a3
-
SHA1
3cb00375ea18c49fbd31d3bcb848453525d1b3dd
-
SHA256
1b499d338ac89d884c0cbfc4393e25d8e0cb7fb80822f0dc9780c889e3e16260
-
SHA512
2c9ff5e4296d910262be55f5d2eeef11ad3b9b4bea24f37a1f546190bff0f347969cdfa5157fd695752683cd2f67cb60d197d5e09c874b4b639749cdc7003589
-
SSDEEP
192:GnO/Un6i+PmfKeWyHoStYBgn7QKkEC/LfVut1wVQBqFZtKasPnEZayWjm:esOoNZyoR8RCjVut1k2qFWasPnYaBjm
Score3/10 -
-
-
Target
Aborning/Ramesside/myriapods.txt
-
Size
347B
-
MD5
381101850edd3952d373ec3c438970ce
-
SHA1
c1cfaf929f8268b7e8513d2d6c88e39ad498ae2b
-
SHA256
22a14bc9282383a109c299b03b940663aeb58d7298a4111e4742ff4d50e0f638
-
SHA512
f4103f70f0427044cb24d866e8c17d5c41f9df8a1f5dbdadbb6524ccd45397eccfccf727005e3cabaee94e813848e3d18be17b2b718351a0434cb0b17c21b167
Score1/10 -
-
-
Target
Aborning/Ramesside/romanidealet.jpg
-
Size
21KB
-
MD5
bb7a7672168ca422c5b98cae97afd5a3
-
SHA1
4abc5f688e06153f5fe527d57995de0bc2970a4f
-
SHA256
aa30486a12459e450f277a5db3dce6853aa93640dd24547495def28ccb5392bc
-
SHA512
e4ba80612e3a283b3299a54c1609049147b72a2388307ca18537aba3e5b4e056491a4a4b872b343a8fefcebb2b735b1c396d61a08f01066690a3041b80d4d821
-
SSDEEP
384:Bb2Pm6PLLZOua+qcSvOlK23GovC4bT+G07vCOcRC6TsJGQ6Z5iUEmVr:Bwnza2OYB3GPIT+F7bcRVkGQK5iOt
Score4/10 -
-
-
Target
Aborning/Ramesside/spermatozoic.txt
-
Size
684B
-
MD5
393ccd8a7597bfb1f852db765b7b89b6
-
SHA1
28516cad3aa62c93a9e19735285ddd5d1f5f595c
-
SHA256
2f63821cde8a017757afb0f95570908690e3fa98a57aa6d442c1cae4e6bf8920
-
SHA512
0363fdb11d48e34bfdea41c2c292a58f3efcd7f4d69780df2675df38687f6f5cc4527ed45595e594800932c053cff0c0c4b5d52404a9bde8fb341d5bf1c711ed
Score1/10 -
-
-
Target
Aborning/Ramesside/springsttte.cal
-
Size
699KB
-
MD5
86479a9fdfdf8ee27def4f2708f32020
-
SHA1
56c8808936d5786e291a2c77a677318b95249416
-
SHA256
49ecd1bc5e44829504a5e8ef39ae6506fde9d63e82e80a8d9d7cde358a9e583d
-
SHA512
c1b681dc682a3994d31f35d7b35774406c4dff076d03738489971bcc027a1787e90500447989bce34e4718d0e4b11b650618de9828e3ab08e79e4c587063482f
-
SSDEEP
3072:dkMOReTUx6STHY2hAn5YTQ2afOQ1nplC7RnUA7V2nQ25MMgLACdt:lORP0Khhuz2N71EHgLN
Score3/10 -
-
-
Target
Aborning/Ramesside/sumlinie.ini
-
Size
340B
-
MD5
48e74f556bf02234a4aacfa0ad1de117
-
SHA1
7a36706a6667f1a4e85d8ea0bcf1200c1ba04f33
-
SHA256
9bd90300c1ec540c9b695ba5c4efa028084396912463260457f8b6f7b0937cdf
-
SHA512
63993601e6b741b07b1ee96e27b49638c18689058712bb3906622a3bbbdfb8b53df6296c8948d34d0c9a721404726249d22dfc33a75d817691c1b755dcfa128c
Score1/10 -
-
-
Target
Aborning/Viljefastheden188.txt
-
Size
297B
-
MD5
145d01bab117edd1adc3d17ea631b784
-
SHA1
c7ca97054056119078cef1fdee37574123802524
-
SHA256
3c50d902b65a5e1751c97053c2ffcf082d9b0208fc8071c29a1bdde69751c366
-
SHA512
13d038fe9a8f93d7efcdca39e0f18e37a53eff7c1a6dece5972cf17d43e2e9fd98f96b0d4867d188933f550e076bbb27ed11d7b937902f4c170b6d84fb190205
Score1/10 -
-
-
Target
Aborning/enrapts.txt
-
Size
280B
-
MD5
f48b77dcfefa51da255865c710912cad
-
SHA1
89a71a1a2fb39f2e38ed1671e9f8e3650a5dc6d6
-
SHA256
2e1057d940570977a6a0b6970e23305b5a24189f7f461123ffca67f8a98a3a66
-
SHA512
acb821a8fb59de9af81d8a4bd8d02a4edeec93e3b9927cb4e324d00e0adb23c875e45e2c37992e70ed8031989c74e9a0b6701684952c04ab238b357e5b39a77e
Score1/10 -
-
-
Target
Aborning/fiskefrikadellernes.sej
-
Size
1.6MB
-
MD5
454478452bb337ea3ccfac2f770e8bf1
-
SHA1
98546d044240a9fa7cb587d63778d0090eedb4e1
-
SHA256
5f10fe94c897b947c37258652b64150df4732fc635601bddba2b8507df71d531
-
SHA512
7eab9edf076aa7322961330d788ea6cfe975ab58f09b929b1574ac939acdba48d7517e64a44745b207064995fa3f9e6a3c0d33b8776c4183adfede0cb6a34c4a
-
SSDEEP
1536:olQHLPwK1QgewZgP1T6c8aH7BfBkhcD1TN5fob1QvG5l9CsOkQfDvtnQzTncLrpP:Ezp
Score3/10 -
-
-
Target
Anisbolsjet166.ini
-
Size
513B
-
MD5
1cea448ab61720557780d2dfe323edd6
-
SHA1
7a845a38928be4d24d0dfd6145c21a7f205f5a97
-
SHA256
15d7687355656e159a2b05f0cbb3b5c052edf53a11630a1952a40bc364b7cb9c
-
SHA512
9ab4ac56f12dfaf9ed2574f6f1ad60f3939837c0252e63b9106b796676c5e1ffd87422c8e88944be7eb99690d438e6163677d125b06f1ddb61dfe59bb86047df
Score1/10 -
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
1Credentials in Registry
1