guloader | b36007e8275a822141b6dabf8cfba95a3833e5cd1cc4d8be6b61ad5ba32f065a | Triage

Submit
Reports

Overview

overview

Static

static

25131_Paym...on.exe

windows7_x64

25131_Paym...on.exe

windows10-2004_x64

Sharing

General

Target

b36007e8275a822141b6dabf8cfba95a3833e5cd1cc4d8be6b61ad5ba32f065a
Size

504KB
Sample

220521-xcts2aegbr
MD5

b5bb2f95993a05e4fb8fb3aaa2a6b8d4
SHA1

233c1529d7093eec5517a79eed37d66500bb813e
SHA256

b36007e8275a822141b6dabf8cfba95a3833e5cd1cc4d8be6b61ad5ba32f065a
SHA512

4772ef2e533f8d4988851206881d56bea91671f1e5b10225ae9175d5c52257821ed8eb4a0fa9f364aa30be6800d463d3f2a8e28c0baf43bd3fa3986f2577237e

Score

10^/10

guloader downloader guloader persistence

Static task

static1

Behavioral task

behavioral1

Sample

25131_Payment_Confirmation.exe

Resource

win7-20220414-en

guloader downloader guloader persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

25131_Payment_Confirmation.exe

Resource

win10v2004-20220414-en

guloader downloader guloader persistence

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

guloader

C2

https://www.bodyhealthbrasil.com/bc/mayomo_RGwvy106.bin

xor.base64

Targets

- Target
  
  25131_Payment_Confirmation.exe
- Size
  
  444KB
- MD5
  
  96c31f972f7dff2632aeb270268c2011
- SHA1
  
  20ba389bdd0cf117c64b20e8486f1158959654bc
- SHA256
  
  fbae0ff635e7b7cb7646fded915f70803f4c564348b77bf2c6d9809c4353e9a6
- SHA512
  
  70bb0a1ecc107302fe99047d5012de43cf66dec7011726bf03056eae25f5b2589cdeaca06bc1b7aa20ba9aa442bba20c5db1a61068025e80c38c73b0f6e679fd
Score

10^/10

guloader downloader guloader persistence
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Guloader Payload
  guloader
- Checks QEMU agent state file
  Checks state file used by QEMU agent, possibly to detect virtualization.
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

guloaderdownloaderguloaderpersistence

behavioral2

guloaderdownloaderguloaderpersistence

© 2018-2024

Terms | Privacy