Overview

overview

10

Static

static

Comprobant...df.exe

windows7_x64

10

Comprobant...df.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e4d9fba1b0abefc577cb58b774b3f38892fe7ed7a57076f94354f510deafc332

  • Size

    15KB

  • Sample

    220121-2xpf9scchp

  • MD5

    9cd25246104a043bb807e95035dc1ebe

  • SHA1

    a5991694b284beb0ea50c34a21a7fb0cede4c64a

  • SHA256

    e4d9fba1b0abefc577cb58b774b3f38892fe7ed7a57076f94354f510deafc332

  • SHA512

    198b7baef7ee5a410609ce2f5a9eef3a74f21d11c8bab858d30c1a7f0d76e5de81f8d34d19e255ca5442f5c7823d2baa1c647812142ce9d950feaa5176d1a8aa

Score
10/10
guloaderdownloaderguloader

Malware Config

Extracted

Family

guloader

C2

https://drive.google.com/uc?export=download&id=185yfGKZexOdEd7mpzk2cg-0hQHnY6XWe

xor.base64

Targets

    • Target

      Comprobante de transferencia.pdf.exe

    • Size

      48KB

    • MD5

      fc0557257080e207819d005d257833f8

    • SHA1

      5a7d76b52983a8babcfec637c0319a15c2dce22e

    • SHA256

      72b08b2bc289e7665a1701f07f6e366898ceb61fa289007187fded38834267f3

    • SHA512

      c036a1f635bf2adab66c2e29176cca3b1fde4f8319e1f09c562fef8aacf5ad99f61f8036ede90a10d86f6bf56eb67d36528780caa48f8ee8787b8a10e03eddd7

    Score
    10/10
    guloaderdownloaderguloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Guloader Payload

      guloader

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks