guloader | 3a51813adeabd17d4939280137288152b2a3f25f7bf9e738c8f25df5ef49be31 | Triage

Analysis

max time kernel
135s
max time network
136s
platform
windows7_x64
resource
win7v20210408
submitted
23-04-2021 12:16

Sharing

Report Analysis Logs

General

Target

4b7687321980c96093c8e6a43b764728.exe
Size

96KB
MD5

4b7687321980c96093c8e6a43b764728
SHA1

5e27cc0eddb8646e26b72a7ff4f608df45c0eb8a
SHA256

3a51813adeabd17d4939280137288152b2a3f25f7bf9e738c8f25df5ef49be31
SHA512

17ea0dbc1e4144bafd45fc7683ce6d8bf1a43610a5abb11f70593f1e33b668c2a0e18c98398351af6c8b659be7256db82f8c1c4c988046258d4d5ad7996526c4

Score

10^/10

guloader downloader guloader

Malware Config

Signatures

Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
downloader guloader

Guloader Payload 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/784-62-0x00000000005B0000-0x00000000005BC000-memory.dmp	family_guloader

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

4b7687321980c96093c8e6a43b764728.exe

pid process

784 4b7687321980c96093c8e6a43b764728.exe

C:\Users\Admin\AppData\Local\Temp\4b7687321980c96093c8e6a43b764728.exe
"C:\Users\Admin\AppData\Local\Temp\4b7687321980c96093c8e6a43b764728.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:784

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/784-62-0x00000000005B0000-0x00000000005BC000-memory.dmp

Filesize
48KB

Download