Overview

overview

10

Static

static

ea93cbe75b...9b.exe

windows7_x64

10

ea93cbe75b...9b.exe

windows10-2004_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ea93cbe75bc0cd26e82acc4aa17b0f47662073b958c519897306c44d898a619b

  • Size

    100KB

  • Sample

    220131-16z4pacgck

  • MD5

    3d1fd9bcef7cbe915bb49857461ad781

  • SHA1

    2cefa31941545092ce5092bc98f3d58d66fb1b55

  • SHA256

    ea93cbe75bc0cd26e82acc4aa17b0f47662073b958c519897306c44d898a619b

  • SHA512

    8f46b2d5fc24075282217d84eb4d69996659e548055c70052b5927b0af401954dd289d4fd628309b2d46bdc5a8027b253b7417f72c4a18d527798ae1bd1412dd

Score
10/10
guloaderdownloader

Malware Config

Extracted

Family

guloader

C2

https://drive.google.com/uc?export=download&id=1cs40Db_dgZugASem90KebWJ2mVl6LmjR

xor.base64

Targets

    • Target

      ea93cbe75bc0cd26e82acc4aa17b0f47662073b958c519897306c44d898a619b

    • Size

      100KB

    • MD5

      3d1fd9bcef7cbe915bb49857461ad781

    • SHA1

      2cefa31941545092ce5092bc98f3d58d66fb1b55

    • SHA256

      ea93cbe75bc0cd26e82acc4aa17b0f47662073b958c519897306c44d898a619b

    • SHA512

      8f46b2d5fc24075282217d84eb4d69996659e548055c70052b5927b0af401954dd289d4fd628309b2d46bdc5a8027b253b7417f72c4a18d527798ae1bd1412dd

    Score
    10/10
    guloaderdownloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Checks QEMU agent state file

      Checks state file used by QEMU agent, possibly to detect virtualization.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Query Registry

1
T1012

Virtualization/Sandbox Evasion

1
T1497

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks