Analysis
max time kernel: 73s
max time network: 10s
platform: windows7_x64
resource: win7v20210410
submitted: 16-04-2021 14:50
Static task: static1
Behavioral task behavioral1: Sample Finanskoncerner8.exe, Resource win7v20210410
Behavioral task behavioral2: Sample Finanskoncerner8.exe, Resource win10v20210408
Behavioral task behavioral3: Sample KOPEKER.exe, Resource win7v20210410
Behavioral task behavioral4: Sample KOPEKER.exe, Resource win10v20210408
Behavioral task behavioral5: Sample PARAHEMATIN.exe, Resource win7v20210410
Behavioral task behavioral6: Sample PARAHEMATIN.exe, Resource win10v20210408
Behavioral task behavioral7: Sample Unparticularizeds.exe, Resource win7v20210410
Behavioral task behavioral8: Sample Unparticularizeds.exe, Resource win10v20210410
General
Target: Finanskoncerner8.exe
Size: 116KB
MD5: bfdd11a5b22a9e083bc64519919a43f7
SHA1: e9952fcb7e505efbccab621a139bfceb832f4ccc
SHA256: e8c3e5c0af5316b99c5912ffdb8495c82a9c143a19f977dc6cb12f66e73ba8d5
SHA512: bf10cb4881aff185023e1e197b2b98b3063a4742cade04953b2155b9a6c9e6bd47d46a95a0cf859f60c854c95d3db4760a7b69622a132fc9d63dc6a40ee0f4d2
Malware Config
Signatures
Guloader, Cloudeye
A shellcode-based downloader first seen in 2020.
Guloader Payload (1 IoCs)
Processes:
resource: behavioral1/memory/308-62-0x00000000003E0000-0x00000000003EC000-memory.dmp, yara_rule: family_guloader
Suspicious use of SetWindowsHookEx (1 IoCs)
Processes:
pid 308, process Finanskoncerner8.exe