guloader | 24e6133896e1047fa0c96363cb5690952fcb955394df33263fa03c6949fc4211 | Triage

Submit
Reports

Overview

overview

Static

static

setup_x86_...ll.exe

windows10_x64

Sharing

General

Target

setup_x86_x64_install.exe
Size

4.6MB
Sample

210630-h6h1ye7dvn
MD5

717b00e2800583105d50fea93c071c6a
SHA1

84ebb540c8f29a7f6bf61b6a07ca72b681388e59
SHA256

24e6133896e1047fa0c96363cb5690952fcb955394df33263fa03c6949fc4211
SHA512

545ff31d6f0a0e0f9250cd17e9c64cc2ad555338ea28ee4c29a8ccde3da378bb9e52b45984d0e7091089fb2352825691c67ed1b481f8de4f0eb43a2021be5098

Score

10^/10

guloader redline smokeloader vidar 706 domani aspackv2 backdoor downloader infostealer stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

setup_x86_x64_install.exe

Resource

win10v20210410

guloader redline smokeloader vidar 706 domani aspackv2 backdoor downloader infostealer stealer trojan upx

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

DomAni

C2

varinnitof.xyz:80

Extracted

Family

guloader

C2

https://cdn.discordapp.com/attachments/859444299618582560/859474854498271232/Heck.bin

Extracted

Family

vidar

Version

39.4

Botnet

706

C2

https://sergeevih43.tumblr.com

Attributes

profile_id
706

Extracted

Family

smokeloader

Version

2020

C2

http://ppcspb.com/upload/

http://mebbing.com/upload/

http://twcamel.com/upload/

http://howdycash.com/upload/

http://lahuertasonora.com/upload/

http://kpotiques.com/upload/

rc4.i32

rc4.i32

Targets

- Target
  
  setup_x86_x64_install.exe
- Size
  
  4.6MB
- MD5
  
  717b00e2800583105d50fea93c071c6a
- SHA1
  
  84ebb540c8f29a7f6bf61b6a07ca72b681388e59
- SHA256
  
  24e6133896e1047fa0c96363cb5690952fcb955394df33263fa03c6949fc4211
- SHA512
  
  545ff31d6f0a0e0f9250cd17e9c64cc2ad555338ea28ee4c29a8ccde3da378bb9e52b45984d0e7091089fb2352825691c67ed1b481f8de4f0eb43a2021be5098
Score

10^/10

guloader redline smokeloader vidar 706 domani aspackv2 backdoor downloader infostealer stealer trojan upx
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Vidar Stealer
  stealer
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Downloads MZ/PE file
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

guloaderredlinesmokeloadervidar706domaniaspackv2backdoordownloaderinfostealerstealertrojanupx

© 2018-2024

Terms | Privacy