guloader | 441501f1e794442955179969cfe9c56f4fa9e54f69c708550728b65ad23cb460 | Triage

Analysis

max time kernel
77s
max time network
112s
platform
windows10_x64
resource
win10v20210410
submitted
21-04-2021 09:29

Sharing

Report Analysis Logs

General

Target

VIALES Y OBRAS PÚBLICAS, SA,OFFER 16521.exe
Size

184KB
MD5

c9cf58373c890b36e74ac421cd548bd0
SHA1

66a1507aedc3c3d00165905c6a1ad6ed419a6dbd
SHA256

059f1705efbfd4bcc855b0ff6781e4bc9186e5d1e67229032229f1c36950bd44
SHA512

f8b7072d0475465afc75d1ad4ac3263c5c509d03a05e5ec13bde5946ec9f1939531db57fb7a3ef620b319cd6283589a191585a60f2c73b4cba17bec1c87d4cb7

Score

10^/10

guloader downloader guloader

Malware Config

Signatures

Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
downloader guloader

Guloader Payload 1 IoCs

Processes:

resource	yara_rule
behavioral2/memory/2204-116-0x00000000001C0000-0x00000000001CC000-memory.dmp	family_guloader

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

VIALES Y OBRAS PÚBLICAS, SA,OFFER 16521.exe

pid process

2204 VIALES Y OBRAS PÚBLICAS, SA,OFFER 16521.exe

C:\Users\Admin\AppData\Local\Temp\VIALES Y OBRAS PÚBLICAS, SA,OFFER 16521.exe
"C:\Users\Admin\AppData\Local\Temp\VIALES Y OBRAS PÚBLICAS, SA,OFFER 16521.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2204

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2204-116-0x00000000001C0000-0x00000000001CC000-memory.dmp

Filesize
48KB

Download