Overview

overview

10

Static

static

63b5c9b0e2...cd.exe

windows7_x64

10

63b5c9b0e2...cd.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    63b5c9b0e21398b428814cc2f391397ce81342682a0be100c5d5d50a846d56cd

  • Size

    96KB

  • Sample

    210505-9116m88g32

  • MD5

    6069bf9742a8ce15f44e35405c861540

  • SHA1

    f3a763465ca3f12b00955d3a1d017b3a2d47049d

  • SHA256

    63b5c9b0e21398b428814cc2f391397ce81342682a0be100c5d5d50a846d56cd

  • SHA512

    7b3e467510d93f3c65d893fee5d58aba66754543232df8d1c05fa32a96299cb8a5df49a89fac469e784f1625cb70c26802fd799ca5c6e5095b334c1c04c462a1

Score
10/10
guloaderdownloaderguloader

Malware Config

Extracted

Family

guloader

C2

http://172.93.162.253/bin_WJoRuvaovF116.bin

xor.base64

Targets

    • Target

      63b5c9b0e21398b428814cc2f391397ce81342682a0be100c5d5d50a846d56cd

    • Size

      96KB

    • MD5

      6069bf9742a8ce15f44e35405c861540

    • SHA1

      f3a763465ca3f12b00955d3a1d017b3a2d47049d

    • SHA256

      63b5c9b0e21398b428814cc2f391397ce81342682a0be100c5d5d50a846d56cd

    • SHA512

      7b3e467510d93f3c65d893fee5d58aba66754543232df8d1c05fa32a96299cb8a5df49a89fac469e784f1625cb70c26802fd799ca5c6e5095b334c1c04c462a1

    Score
    10/10
    guloaderdownloaderguloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Guloader Payload

      guloader

    • Checks QEMU agent state file

      Checks state file used by QEMU agent, possibly to detect virtualization.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Query Registry

1
T1012

Virtualization/Sandbox Evasion

1
T1497

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks