Overview

overview

10

Static

static

8

wtf.xlsb

windows7_x64

10

wtf.xlsb

windows10_x64

10

Resubmissions

16-04-2021 12:57

210416-1pvmlpjz6n 10

16-04-2021 12:37

210416-q2sn5kx4aj 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    wtf.xlsb

  • Size

    66KB

  • Sample

    210416-1pvmlpjz6n

  • MD5

    737f89da37437a70062111ad8ad73e66

  • SHA1

    5ea2e0c8c4be4316f6b3c6fdb726712eb544173e

  • SHA256

    06cca99c7276b0900994160df03abf629a26a97f73da9e327ea775d19d7bb305

  • SHA512

    ed4144114177ff748cd74c0090fb6649e7ec3cb0a72360c5a1b8717f1d4b40f93ed1d629773da65539eb5f446e9c7d21c8dea8713b41286823acb961aec30dc1

Score
10/10
guloaderdownloaderguloadermacro

Malware Config

Targets

    • Target

      wtf.xlsb

    • Size

      66KB

    • MD5

      737f89da37437a70062111ad8ad73e66

    • SHA1

      5ea2e0c8c4be4316f6b3c6fdb726712eb544173e

    • SHA256

      06cca99c7276b0900994160df03abf629a26a97f73da9e327ea775d19d7bb305

    • SHA512

      ed4144114177ff748cd74c0090fb6649e7ec3cb0a72360c5a1b8717f1d4b40f93ed1d629773da65539eb5f446e9c7d21c8dea8713b41286823acb961aec30dc1

    Score
    10/10
    guloaderdownloaderguloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Guloader Payload

      guloader

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Use of msiexec (install) with remote resource

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

3
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks