Overview

overview

10

Static

static

29367502e1...23.exe

windows7_x64

10

29367502e1...23.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    29367502e16bf1e2b788705014d0142d8bcb7fcc6a47d56fb82d7e333454e923

  • Size

    52KB

  • Sample

    220124-gbjzfachb2

  • MD5

    61ce777555ee4d591ff151e0927ab8d4

  • SHA1

    3c5a6a8825101a71d2372f5c6961861ef1b4223f

  • SHA256

    29367502e16bf1e2b788705014d0142d8bcb7fcc6a47d56fb82d7e333454e923

  • SHA512

    3783ae2713492347fa627e51f3def9ec0502ed5c4d0f7e5c0932f80fa93e6a951ceb5708bd6347c031e081b1f7017bf86597db34fb6655f2f748439c825bd628

Score
10/10
guloaderdownloaderpersistence

Malware Config

Extracted

Family

guloader

C2

https://share.dmca.gripe/hUZTLm0ETh86oDEL.bin

xor.base64

Targets

    • Target

      29367502e16bf1e2b788705014d0142d8bcb7fcc6a47d56fb82d7e333454e923

    • Size

      52KB

    • MD5

      61ce777555ee4d591ff151e0927ab8d4

    • SHA1

      3c5a6a8825101a71d2372f5c6961861ef1b4223f

    • SHA256

      29367502e16bf1e2b788705014d0142d8bcb7fcc6a47d56fb82d7e333454e923

    • SHA512

      3783ae2713492347fa627e51f3def9ec0502ed5c4d0f7e5c0932f80fa93e6a951ceb5708bd6347c031e081b1f7017bf86597db34fb6655f2f748439c825bd628

    Score
    10/10
    guloaderdownloaderpersistence

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks