guloader | f521d91130e9f9d78e90a78f0744044051e0e64c212c33dd6be9aaa6201cc882 | Triage

Sharing

General

Target

f521d91130e9f9d78e90a78f0744044051e0e64c212c33dd6be9aaa6201cc882
Size

100KB
Sample

220131-16xnkacgcj
MD5

f20c2dd7f4f9683376438b7f264e852f
SHA1

393f7b271266af4eb025824adc0cada5868bb447
SHA256

f521d91130e9f9d78e90a78f0744044051e0e64c212c33dd6be9aaa6201cc882
SHA512

1d9240532164ec7f23fc53f423cb33273ce90ae2395843e049e14cd63235b8b9911cfc93fcb25893b620f48fa9486de9d8369c6b13f01cfdc337384f4ef435d3

Score

10^/10

guloader downloader

Malware Config

Extracted

Family

guloader

C2

http://castmart.ga/~zadmin/icloud/apslo_encrypted_2A0A9B0.bin

xor.base64

Targets

- Target
  
  f521d91130e9f9d78e90a78f0744044051e0e64c212c33dd6be9aaa6201cc882
- Size
  
  100KB
- MD5
  
  f20c2dd7f4f9683376438b7f264e852f
- SHA1
  
  393f7b271266af4eb025824adc0cada5868bb447
- SHA256
  
  f521d91130e9f9d78e90a78f0744044051e0e64c212c33dd6be9aaa6201cc882
- SHA512
  
  1d9240532164ec7f23fc53f423cb33273ce90ae2395843e049e14cd63235b8b9911cfc93fcb25893b620f48fa9486de9d8369c6b13f01cfdc337384f4ef435d3
Score

10^/10

guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

guloaderdownloader

behavioral2