Overview

overview

10

Static

static

Order Requ...n.xlsx

windows7_x64

10

Order Requ...n.xlsx

windows10_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Order Request for Quotation.xlsx

  • Size

    1.1MB

  • Sample

    210720-5etx2xzrwj

  • MD5

    180907e797d9f4abe57d016b3a4a0da4

  • SHA1

    516bd547d90c8f4ae96c1d828908f3264012937b

  • SHA256

    be589141d3e75f2d8b269dcca0afac7d30d6e2d10d376bb9fdd6236d164b7594

  • SHA512

    e7bfe8868a9335ff725aa5bd3ce237856c6e9662fa00a714f5daec664a35071363fffcf3b8d59f13e4e3f69deda06a538ac299a24c02d13df3cf3126c708d4f7

Score
10/10
guloaderdownloader

Malware Config

Targets

    • Target

      Order Request for Quotation.xlsx

    • Size

      1.1MB

    • MD5

      180907e797d9f4abe57d016b3a4a0da4

    • SHA1

      516bd547d90c8f4ae96c1d828908f3264012937b

    • SHA256

      be589141d3e75f2d8b269dcca0afac7d30d6e2d10d376bb9fdd6236d164b7594

    • SHA512

      e7bfe8868a9335ff725aa5bd3ce237856c6e9662fa00a714f5daec664a35071363fffcf3b8d59f13e4e3f69deda06a538ac299a24c02d13df3cf3126c708d4f7

    Score
    10/10
    guloaderdownloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Exploitation for Client Execution

1
T1203

Persistence

Privilege Escalation

Defense Evasion

Scripting

1
T1064

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks