Analysis
Max time kernel: 120s
Max time network: 172s
Platform: windows7_x64
Resource: win7v20210410
Submitted: 27-07-2021 00:45
Static task: static1

Behavioral task: behavioral1
Sample: BL_INV_COA_ShippingDocs,pdf.exe
Resource: win7v20210410 (windows7_x64)
0 signatures, 0 seconds

Behavioral task: behavioral2
Sample: BL_INV_COA_ShippingDocs,pdf.exe
Resource: win10v20210408 (windows10_x64)
0 signatures, 0 seconds
General
Target: BL_INV_COA_ShippingDocs,pdf.exe
Size: 88KB
MD5: 443e430cc75759e3192e29cb99c8226e
SHA1: d324758082e1390eb66ec275aeb6c9e41bf11cee
SHA256: 01445f4c5b7f9c17482f85b5c6910a9ce77e6d1c680f15d54a025dd359530cc0
SHA512: 029ebd17212e73427d9677aea2a7523e79c9dc90ebbc10c82bd1dfea059b3b7d54643cc1a166e76a690efe3afe80d30ada5149f39f3ad2d3a32b68da09b4236f
Score: 10/10
Malware Config
Extracted
Family: guloader
C2: https://drive.google.com/uc?export=download&id=1nL7WP7YB67gedJe1MeT479-zN1rgKZdi
Attributes: xor.base64
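For the extracted config above, as an added example (not part of the sandbox report and not GuLoader tooling of any kind): Python helpers that pull the Drive file id out of the C2 URL (the host itself is legitimate, so the id is what you block or hunt on), check a local file against the digests listed under General, flag the comma double-extension lure in the Target name, and decrypt a downloaded blob with a repeating XOR key. The report shows only the attribute name xor.base64; the assumption made here is that it carries the base64-encoded XOR key applied to the downloaded payload. The key and the payload bytes in the block are constructed for demonstration, not recovered from this sample.

```python
"""Triage helpers for a GuLoader-style config (added example, not report code)."""
import base64
import hashlib
from typing import Dict, Optional
from urllib.parse import parse_qs, urlparse

# Digests copied from the General section of the report.
REPORT_HASHES = {
    "md5": "443e430cc75759e3192e29cb99c8226e",
    "sha1": "d324758082e1390eb66ec275aeb6c9e41bf11cee",
    "sha256": "01445f4c5b7f9c17482f85b5c6910a9ce77e6d1c680f15d54a025dd359530cc0",
}

# Constructed demo key (base64 of b"examplekey"); NOT the key from this sample.
CONSTRUCTED_KEY_B64 = "ZXhhbXBsZWtleQ=="


def drive_file_id(url: str) -> Optional[str]:
    """Return the file id from a Google Drive direct-download link of the form
    https://drive.google.com/uc?export=download&id=<id>, or None otherwise."""
    u = urlparse(url)
    if u.scheme != "https" or u.hostname != "drive.google.com" or u.path != "/uc":
        return None
    params = parse_qs(u.query)
    if params.get("export") != ["download"]:
        return None
    ids = params.get("id", [])
    return ids[0] if len(ids) == 1 else None


def matching_hashes(data: bytes, expected: Dict[str, str]) -> Dict[str, bool]:
    """Which of the report's digests a local file matches; run this before
    trusting a report for a sample obtained from somewhere else."""
    return {alg: hashlib.new(alg, data).hexdigest() == digest.lower()
            for alg, digest in expected.items()}


def is_double_extension_lure(filename: str) -> bool:
    """Flag names like 'ShippingDocs,pdf.exe' where a document extension is
    spliced in before the real .exe to make the file look like a PDF."""
    name = filename.lower()
    if not name.endswith(".exe"):
        return False
    stem = name[: -len(".exe")]
    doc_exts = ("pdf", "doc", "docx", "xls", "xlsx", "rtf")
    return any(stem.endswith(sep + ext) for sep in (",", " ", ".", "_") for ext in doc_exts)


def xor_with_key(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; the same call encrypts and decrypts."""
    if not key:
        raise ValueError("XOR key must not be empty")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def decrypt_payload(blob: bytes, xor_key_b64: str) -> bytes:
    """Decrypt a downloaded blob with the key given as xor.base64
    (assumption: that attribute is the base64 of the XOR key)."""
    return xor_with_key(blob, base64.b64decode(xor_key_b64))


def is_pe(data: bytes) -> bool:
    """Cheap sanity check that a decrypted blob starts with the DOS 'MZ' stub."""
    return data[:2] == b"MZ"


def demo_round_trip() -> bytes:
    """Encrypt a constructed 64-byte 'MZ' stub with the demo key, then decrypt
    it again the way an analyst would decrypt a real download. Returns the
    decrypted bytes so the result can be checked."""
    plain = b"MZ" + b"\x90" * 62  # constructed stand-in for a PE payload
    blob = xor_with_key(plain, base64.b64decode(CONSTRUCTED_KEY_B64))
    assert not is_pe(blob)  # ciphertext must not still show the MZ header
    return decrypt_payload(blob, CONSTRUCTED_KEY_B64)


if __name__ == "__main__":
    c2 = "https://drive.google.com/uc?export=download&id=1nL7WP7YB67gedJe1MeT479-zN1rgKZdi"
    print("drive id:", drive_file_id(c2))
    print("lure name:", is_double_extension_lure("BL_INV_COA_ShippingDocs,pdf.exe"))
    print("decrypted is PE:", is_pe(demo_round_trip()))
```

Blocking `drive.google.com` outright is rarely acceptable, so the file id is the practical indicator; the digests let you confirm that a file you hold is the one this report describes before you rely on its score or config.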
Signatures
Guloader,Cloudeye
A shellcode-based downloader first seen in 2020.
Suspicious use of SetWindowsHookEx (1 IoC)
Processes: BL_INV_COA_ShippingDocs,pdf.exe (pid 1048)