guloader | 0f1b744f01460d16ca025472b07896f43b49457096cbaa64d5298979ee8dd3ed

General

Target

Purchase_Order___PO220126-01.docx
Size

10KB
Sample

220127-pyd1pscgdl
MD5

e3cfb506f0e65381ac420397932097f3
SHA1

fae28a0f92ce9ff146ae85c8dbde71286500873e
SHA256

0f1b744f01460d16ca025472b07896f43b49457096cbaa64d5298979ee8dd3ed
SHA512

5f62af23e840e27f04cceb345235cb31c2d0863a184c0ac0ec3266a9fa7564ecebb2bebe555f9a0c1a02b41aaa011aada42abf2747e0f4ad2eddcdbb6b56449a

Score

10^/10

Malware Config

Extracted

Rule

Microsoft Office WebSettings Relationship

C2

http://198.23.207.10/..W.w.........WWww.---wW--W-Ww--.w---wW...............Wbk-Wbk........wWWw/...-W--------wwwWw........Wnk...---WBK.----WwwW...wBkW-----w-w---Ww.wW......wwwWw.-_w.wbk

Targets

- Target
  
  Purchase_Order___PO220126-01.docx
- Size
  
  10KB
- MD5
  
  e3cfb506f0e65381ac420397932097f3
- SHA1
  
  fae28a0f92ce9ff146ae85c8dbde71286500873e
- SHA256
  
  0f1b744f01460d16ca025472b07896f43b49457096cbaa64d5298979ee8dd3ed
- SHA512
  
  5f62af23e840e27f04cceb345235cb31c2d0863a184c0ac0ec3266a9fa7564ecebb2bebe555f9a0c1a02b41aaa011aada42abf2747e0f4ad2eddcdbb6b56449a
Score

10^/10

guloader downloader suricata
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata
- suricata: ET MALWARE WBK Download from dotted-quad Host
  suricata: ET MALWARE WBK Download from dotted-quad Host
  suricata
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Abuses OpenXML format to download file from external location
- Loads dropped DLL
- Uses the VBS compiler for execution
behavioral1 behavioral2