guloader | 95a1ff3f5d08ac3d0dfe64300eec668fa0c78bdb7da395f1d91735c5a0aef8a5 | Triage

Analysis

max time kernel
71s
max time network
70s
platform
windows10_x64
resource
win10v20201028
submitted
24-02-2021 17:33

Sharing

Report Analysis Logs

General

Target

5d2d34449323c67ba1f5ec7561df2204.exe
Size

128KB
MD5

5d2d34449323c67ba1f5ec7561df2204
SHA1

a48c7f51db44ca8a2b0240d9c57c1983ac5d75dd
SHA256

95a1ff3f5d08ac3d0dfe64300eec668fa0c78bdb7da395f1d91735c5a0aef8a5
SHA512

28b4c6df609084045f866686e559c7771b6455bc8fde56942f9422265c6ed2acfe12ef383c23225ad171d9d7ba22efc9ef7137c069070812af798edaa8ae6d73

Score

10^/10

guloader downloader guloader

Malware Config

Signatures

Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
downloader guloader

Guloader Payload 1 IoCs

Processes:

resource	yara_rule
behavioral2/memory/1108-4-0x00000000001C0000-0x00000000001CC000-memory.dmp	family_guloader

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

5d2d34449323c67ba1f5ec7561df2204.exe

pid process

1108 5d2d34449323c67ba1f5ec7561df2204.exe

C:\Users\Admin\AppData\Local\Temp\5d2d34449323c67ba1f5ec7561df2204.exe
"C:\Users\Admin\AppData\Local\Temp\5d2d34449323c67ba1f5ec7561df2204.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1108

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1108-4-0x00000000001C0000-0x00000000001CC000-memory.dmp

Filesize
48KB

Download