guloader | f47aa6c33b9ed88b37ff11e3715e75ca5a4fd3b40d0a1396699d03e6753f3fea | Triage

Analysis

max time kernel
40s
max time network
17s
platform
windows7_x64
resource
win7v20210408
submitted
23-04-2021 05:54

Sharing

Report Analysis Logs

General

Target

FVC 20002119.pdf.exe
Size

204KB
MD5

9bbb913533179e41212bab559f0dd978
SHA1

88d08a8363999ba5b3fc9e4a12de1c8e9d6051df
SHA256

f47aa6c33b9ed88b37ff11e3715e75ca5a4fd3b40d0a1396699d03e6753f3fea
SHA512

4e503911ad592c839892ebcac30ab4c62a08afb9fae3df7db5eb55a4e2bf6c41898aa7f4b9a308f5a61a46ef881bd0e89d1ee7db139864fe2c56013ccf083254

Score

10^/10

guloader downloader guloader

Malware Config

Signatures

Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
downloader guloader

Guloader Payload 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1028-62-0x00000000002C0000-0x00000000002C8000-memory.dmp	family_guloader

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

FVC 20002119.pdf.exe

pid process

1028 FVC 20002119.pdf.exe

C:\Users\Admin\AppData\Local\Temp\FVC 20002119.pdf.exe
"C:\Users\Admin\AppData\Local\Temp\FVC 20002119.pdf.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1028

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1028-62-0x00000000002C0000-0x00000000002C8000-memory.dmp

Filesize
32KB

Download