General

  • Target

    Pollist.exe

  • Size

    768KB

  • Sample

    250506-kw8p3sbq6v

  • MD5

    934cb77c9520033ab31ae23852b43c03

  • SHA1

    642e2fb3a66810ad37804ea006bc00d3291ec04e

  • SHA256

    efa391c33dd89d4fdd615ea206c807d928db1068e0d8132c68528046c5f377ab

  • SHA512

    5ac8c2d22164a06f26c52cd380fc053939f777a97cf63d3548985d0f90246aee2a189e3934863bca77e1301aa0b9c66bb1ae921d67c376d99aee875edf6bcea8

  • SSDEEP

    12288:uI8md7NV6SpUbKe9ponWuvsfte2TibtbMxB0HdraER/tK4s3r15i:vd7NV6SpUbKe9p1fhihM29R/ox3rO

Targets

    • Target

      Pollist.exe

    • DarkCloud

      An information stealer written in Visual Basic.

    • Darkcloud family

    • Guloader family

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Loads dropped DLL

    • Blocklisted process makes network request

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      6KB

    • MD5

      143e45d5929ba564ba0c3a0773be76e6

    • SHA1

      c7e108ad681dd19afc646a43f7ce757388653f57

    • SHA256

      8459feb67b7eb0caaaed607e0f36c8d4979abf1bad87e7f1c7c2b97c73174d6d

    • SHA512

      1114403b9af202396ffe32610e1160313ff22c488f87b4a8f771d14fda02a954af7beacad5655143dafdf0af9a76b2a0d5c121ef57819e0567c367578482f003

    • SSDEEP

      96:T7fhZwXd8KgEbAa9PweF1WxD8ZLMJGgmkN238:0N8KgWAuLWxD8ZAGgmkN

    Score
    3/10

MITRE ATT&CK Enterprise v16