Overview

overview

10

Static

static

QUOTE.exe

windows7_x64

10

QUOTE.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1f86ae518180a446b6512634165900094f510d6f55eb32a61e593b948b5905db

  • Size

    44KB

  • Sample

    220521-xy46wscgf8

  • MD5

    411185067af1c689e07919d1899420c6

  • SHA1

    85c7d61dbeecc80d17a42093ff3d16e68288c62b

  • SHA256

    1f86ae518180a446b6512634165900094f510d6f55eb32a61e593b948b5905db

  • SHA512

    209ddd1c35e4e5944de846fef779d8926fdfe454440a0f6ff2a80601e744a104738e77c58fd3e22f465e6e621706c5bffc1b31cbcc68a0a9805a572b7f007a5c

Score
10/10
guloaderdownloader

Malware Config

Extracted

Family

guloader

C2

https://cor.sehablae.com/man.bin

xor.base64

Targets

    • Target

      QUOTE.exe

    • Size

      92KB

    • MD5

      90ce0f474374981b8878cbf7b91e0bdc

    • SHA1

      ae174ad9d8638191dd732f851824833c6579acde

    • SHA256

      b5f6c2a230e8c24dd4859e076e8802d5785c6af1056388a3bb660d091c1437ac

    • SHA512

      b7fbc087525f0b307b24e3ecc2c2077ac24e50f6b7329c2b8968dd555187da17900f585d697bd1e6e566bfc7078efac6509146cd33b544c5a80a812260569999

    Score
    10/10
    guloaderdownloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks