guloader | 6bc49b98bc688551d9a121f52fa2c59f49c1b2e934a35ebd2a11d3c8fcd7ce5e | Triage

Analysis

max time kernel
100s
max time network
10s
platform
windows7_x64
resource
win7v20210408
submitted
21-04-2021 13:42

Sharing

Report Analysis Logs

General

Target

11.exe
Size

188KB
MD5

28c0199f1fa8ae9a5ccc474c831c0ecc
SHA1

81fc34a777caf5ab9163f29e34d8b6ed144a88ed
SHA256

6bc49b98bc688551d9a121f52fa2c59f49c1b2e934a35ebd2a11d3c8fcd7ce5e
SHA512

1f87b45c4213935c8fdc19c8e361b35de971c87fb0cf3a1685b7547139a5a36a4e847ea1b791d34787380ca377d92bdae66a90ab0078406ebc6c91eda4f80e2b

Score

10^/10

guloader downloader guloader

Malware Config

Signatures

Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
downloader guloader

Guloader Payload 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1652-62-0x0000000000300000-0x000000000030C000-memory.dmp	family_guloader

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

11.exe

pid process

1652 11.exe

C:\Users\Admin\AppData\Local\Temp\11.exe
"C:\Users\Admin\AppData\Local\Temp\11.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1652

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1652-62-0x0000000000300000-0x000000000030C000-memory.dmp

Filesize
48KB

Download