guloader | 9b27978aaada5cf5c16d7f1331f0341aae2bbb5de7ed8db1c2038ed837de57f7 | Triage

Analysis

max time kernel
117s
max time network
126s
platform
windows7_x64
resource
win7-en-20211208
submitted
30-01-2022 15:22

Sharing

Report Analysis Logs

General

Target

9b27978aaada5cf5c16d7f1331f0341aae2bbb5de7ed8db1c2038ed837de57f7.exe
Size

40KB
MD5

f8a95daa42ef9246729a0c779aef85bf
SHA1

4b7f946f08252c666ef9872328ca3126199aaec9
SHA256

9b27978aaada5cf5c16d7f1331f0341aae2bbb5de7ed8db1c2038ed837de57f7
SHA512

fce517410ee4d8ee7d96f2ab999414972f6b59bf0cd1135cec3dd485ac091ad67f21ca3527e7882124be85fc11c8e9b902df2526ced270dda16e3aa5660770cd

Score

10^/10

guloader downloader

Malware Config

Extracted

Family

guloader

C2

https://drive.google.com/uc?export=download&id=1mVJV7BrsU6WZXyhq-IOOLwoe8zGnSg2i

xor.base64

Signatures

Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
downloader guloader
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

9b27978aaada5cf5c16d7f1331f0341aae2bbb5de7ed8db1c2038ed837de57f7.exe

pid process

1520 9b27978aaada5cf5c16d7f1331f0341aae2bbb5de7ed8db1c2038ed837de57f7.exe

C:\Users\Admin\AppData\Local\Temp\9b27978aaada5cf5c16d7f1331f0341aae2bbb5de7ed8db1c2038ed837de57f7.exe
"C:\Users\Admin\AppData\Local\Temp\9b27978aaada5cf5c16d7f1331f0341aae2bbb5de7ed8db1c2038ed837de57f7.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1520

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1520-56-0x00000000003B0000-0x00000000003B8000-memory.dmp

Filesize
32KB

Download
memory/1520-57-0x0000000077800000-0x00000000779A9000-memory.dmp

Filesize
1.7MB

Download