Overview

overview

10

Static

static

66969ac84d...7e.exe

windows7_x64

10

66969ac84d...7e.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    66969ac84d6e89fc43c6204653ee0b6bf727fa115f802549e9469027a3dd847e.exe

  • Size

    139KB

  • Sample

    220514-q5papacdfq

  • MD5

    cc280cbaa1cdde9b203348512a594a5d

  • SHA1

    c9a6b936c28089bd779d3153056b1d7cbc9d0854

  • SHA256

    66969ac84d6e89fc43c6204653ee0b6bf727fa115f802549e9469027a3dd847e

  • SHA512

    6677d2096e27d4a810ee4a3bc8070a0829128b008536e18fe4d06511f6cf40ec4698c3f4a1a30afa972471acdf3d220407607fbe98c44bed9f0b4b86e2e758d6

Score
10/10
guloaderdownloader

Malware Config

Targets

    • Target

      66969ac84d6e89fc43c6204653ee0b6bf727fa115f802549e9469027a3dd847e.exe

    • Size

      139KB

    • MD5

      cc280cbaa1cdde9b203348512a594a5d

    • SHA1

      c9a6b936c28089bd779d3153056b1d7cbc9d0854

    • SHA256

      66969ac84d6e89fc43c6204653ee0b6bf727fa115f802549e9469027a3dd847e

    • SHA512

      6677d2096e27d4a810ee4a3bc8070a0829128b008536e18fe4d06511f6cf40ec4698c3f4a1a30afa972471acdf3d220407607fbe98c44bed9f0b4b86e2e758d6

    Score
    10/10
    guloaderdownloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks