Overview

overview

10

Static

static

B202000630......exe

windows7_x64

10

B202000630......exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ba33c33e01b5f72eb0e0651f58de0641447b40301d8793965e70e67bf83447e8

  • Size

    15KB

  • Sample

    220121-28ndcacggr

  • MD5

    0ade6f594028701c8b403eab41ed3584

  • SHA1

    26a4dab79f46dbb55385d8fd5e6dcbbe51491561

  • SHA256

    ba33c33e01b5f72eb0e0651f58de0641447b40301d8793965e70e67bf83447e8

  • SHA512

    5b7704da3e39e775dd6a4ab0cc0d699ea253069cb0fd3570b2edc49eb0d1a9c220995fab5457e0a52e55e9d17a6e6a67b4131213d58c0b5f4cffdc7bd1d6d642

Score
10/10
guloaderdownloaderguloader

Malware Config

Extracted

Family

guloader

C2

https://drive.google.com/uc?export=download&id=1nxID3cbZ3N3YCfZ5Mt-WYptrBK_9HFWH

xor.base64

Targets

    • Target

      B2020006307357.PDF...exe

    • Size

      52KB

    • MD5

      42e026716bcf95406beca59b834a1432

    • SHA1

      9474067350e0211faff4eb0c14dc2982897ee6f9

    • SHA256

      1dd138afd050e4d29b20494c3bd607685295f2cd8217c1e6ddd9b47e54961f38

    • SHA512

      01873ec441a283c55948052c4a835c7fd5246f695ed955239168dc583299c1bf58536f80d77e0a4c76e19ca04e51ef9ce927c806489bf1b122d0b6ad44d1df9b

    Score
    10/10
    guloaderdownloaderguloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Guloader Payload

      guloader

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks