guloader | 701dd5a951bb4acfb926c158cfd59592c150015df206b8150c9a98b83eebdb95 | Triage

Sharing

General

Target

701dd5a951bb4acfb926c158cfd59592c150015df206b8150c9a98b83eebdb95
Size

92KB
Sample

220131-19nj3adcf4
MD5

ad419a39769253297b92f09e88e97a07
SHA1

ed06c600aadd16e29819e354b036366a608631be
SHA256

701dd5a951bb4acfb926c158cfd59592c150015df206b8150c9a98b83eebdb95
SHA512

84bca374b01d33540ef89f43c8f69a65f6521d9572009d2352d7788935945958de3006a33226f93299c9e61f7f8453ad27f785df36a068b8c9f0290e685bd762

Score

10^/10

guloader downloader

Malware Config

Extracted

Family

guloader

C2

https://cdn-12.anonfile.com/D8V7l1d4o0/be094ca8-1582786920/igine%20(2)_encrypted_8D185FF.bin

https://cdn.filesend.jp/private/9gBe6zzNRaAJTAAl1A3VRa8_Gs0yw1ViOupoQM8N7njTTXNKTBoZTTlcXmygveWF/igine%20%282%29_encrypted_8D185FF.bin

xor.base64

Targets

- Target
  
  701dd5a951bb4acfb926c158cfd59592c150015df206b8150c9a98b83eebdb95
- Size
  
  92KB
- MD5
  
  ad419a39769253297b92f09e88e97a07
- SHA1
  
  ed06c600aadd16e29819e354b036366a608631be
- SHA256
  
  701dd5a951bb4acfb926c158cfd59592c150015df206b8150c9a98b83eebdb95
- SHA512
  
  84bca374b01d33540ef89f43c8f69a65f6521d9572009d2352d7788935945958de3006a33226f93299c9e61f7f8453ad27f785df36a068b8c9f0290e685bd762
Score

10^/10

guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

guloaderdownloader

behavioral2