Overview

overview

10

Static

static

9cf082ab91...f8.exe

windows7_x64

10

9cf082ab91...f8.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9cf082ab9112e7e03fcbfa7d20a1f7c10c4eaafd8fe2c59aef527dc8dac58ef8

  • Size

    140KB

  • Sample

    210508-x9emlg4znn

  • MD5

    7deecd28ccb949d5c855dacc980298f2

  • SHA1

    3a5cdb7227fdf47ded4ff1fe1dd38cfa502eea84

  • SHA256

    9cf082ab9112e7e03fcbfa7d20a1f7c10c4eaafd8fe2c59aef527dc8dac58ef8

  • SHA512

    f1d1b66497bd2deea07392cdafe5a07284cdbba2e9e9c17978d35a7094d605b40e525222759e64d473d13b0356e344c0e3efed16bc5a6e14b380b67b5c9b452b

Score
10/10
guloaderdownloaderguloader

Malware Config

Extracted

Family

guloader

C2

https://drive.google.com/uc?export=download&id=16HNLjxnV8VDMTThcctq09H1-RlR7b_vX

xor.base64

Targets

    • Target

      9cf082ab9112e7e03fcbfa7d20a1f7c10c4eaafd8fe2c59aef527dc8dac58ef8

    • Size

      140KB

    • MD5

      7deecd28ccb949d5c855dacc980298f2

    • SHA1

      3a5cdb7227fdf47ded4ff1fe1dd38cfa502eea84

    • SHA256

      9cf082ab9112e7e03fcbfa7d20a1f7c10c4eaafd8fe2c59aef527dc8dac58ef8

    • SHA512

      f1d1b66497bd2deea07392cdafe5a07284cdbba2e9e9c17978d35a7094d605b40e525222759e64d473d13b0356e344c0e3efed16bc5a6e14b380b67b5c9b452b

    Score
    10/10
    guloaderdownloaderguloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Guloader Payload

      guloader

    • Checks QEMU agent state file

      Checks state file used by QEMU agent, possibly to detect virtualization.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Query Registry

1
T1012

Virtualization/Sandbox Evasion

1
T1497

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks