guloader | 168ca422e4a4dc429c9fb4a65cdd1b3f1f32119475581b3d00c94ff6e4a82f77 | Triage

Analysis

max time kernel
53s
max time network
110s
platform
windows10_x64
resource
win10v20210410
submitted
21-04-2021 10:07

Sharing

Report Analysis Logs

General

Target

faktura_fk.exe
Size

204KB
MD5

66fb235f133e2f690184675fe27bcc32
SHA1

12f471ad9d4f8ef90cc548d1e0eb498c12ed0230
SHA256

168ca422e4a4dc429c9fb4a65cdd1b3f1f32119475581b3d00c94ff6e4a82f77
SHA512

1dd20f688ab25131fc8b9c8a2b68d87f468e45ae7b69594e78012353aad2cbde1c3f82f9eecb605d1787e56c9b7b26dfc6f4abc2164d1b347d08516824b8aa8c

Score

10^/10

guloader downloader guloader

Malware Config

Signatures

Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
downloader guloader

Guloader Payload 1 IoCs

Processes:

resource	yara_rule
behavioral2/memory/1908-116-0x00000000001C0000-0x00000000001C8000-memory.dmp	family_guloader

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

faktura_fk.exe

pid process

1908 faktura_fk.exe

C:\Users\Admin\AppData\Local\Temp\faktura_fk.exe
"C:\Users\Admin\AppData\Local\Temp\faktura_fk.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1908

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1908-116-0x00000000001C0000-0x00000000001C8000-memory.dmp

Filesize
32KB

Download