Analysis
max time kernel: 98s
max time network: 113s
platform: windows10_x64
resource: win10v20210410
submitted: 27-07-2021 08:11

Static task: static1

Behavioral task: behavioral1
Sample: March Purchase Order.bat.exe
Resource: win7v20210408 (windows7_x64)
0 signatures, 0 seconds

Behavioral task: behavioral2
Sample: March Purchase Order.bat.exe
Resource: win10v20210410 (windows10_x64)
0 signatures, 0 seconds

General
Target: March Purchase Order.bat.exe
Size: 168KB
MD5: 88e4ab4f1cdc03675e92f722a71cebda
SHA1: f0163c37556d016942db3f2690161cc84a3aaffa
SHA256: ff9915094e0004d3a6918ebbd606bbca77efa8ab55f1aab1882bd02ef8093283
SHA512: ee56d7012168bcad5a5dda24dc3e215025a910c91dec6b0f17cbc68954895430ca380cda4972d98328127b05dafe333c1a8b995e64be405674a11d8f313c1777
Score: 10/10

Malware Config
Extracted
Family: guloader
C2: https://onedrive.live.com/download?cid=26BBD7D5AD88DD29&resid=26BBD7D5AD88DD29%21115&authkey=ACIPfa3gbIQqcvU
xor.base64

Signatures

Guloader, Cloudeye
A shellcode-based downloader first seen in 2020.

Guloader Payload (1 IoCs)
Processes:
resource                                                                    yara_rule
behavioral2/memory/3424-116-0x00000000001C0000-0x00000000001CB000-memory.dmp  family_guloader

Suspicious use of SetWindowsHookEx (1 IoCs)
Processes:
pid   process
3424  March Purchase Order.bat.exe