Overview

overview

10

Static

static

SQ0894795.exe

windows7_x64

10

SQ0894795.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ed3ed82dd7ed597b90b5546ef3501f2f9b6b5731dde63ee84f3b9eeab8aea34e

  • Size

    45KB

  • Sample

    220521-xy4v5agabm

  • MD5

    663d39d174d4e1e034939da4017b6ee8

  • SHA1

    b230e468e708968fba8b33b2ea25ea12de73bc98

  • SHA256

    ed3ed82dd7ed597b90b5546ef3501f2f9b6b5731dde63ee84f3b9eeab8aea34e

  • SHA512

    5cc3be16c3eff3c617a32dab2600335c874d0846261d0863f3545bc7b4f73b41cf9881ac2a77289db354622a6c97cceefe2033f8c1c7295bb8422ba8d78b764d

Score
10/10
guloaderdownloader

Malware Config

Extracted

Family

guloader

C2

https://taleoudine.com/bryt2_xkAWOqihL67.bin

xor.base64

Targets

    • Target

      SQ0894795.exe

    • Size

      92KB

    • MD5

      174f32e90c9316ecf500e2a8a4965062

    • SHA1

      5d682fd001e54ab1bcfaf7266564a3c0cdbbbce7

    • SHA256

      7a3acd412036e1f071595f9ee144d45ee7dcc0a6f4fb8c6ed45022ec423e6061

    • SHA512

      b1847d9456e3467112628bec12bde4b5559bb5f56541f6879b0b6e2a2305f2e8ef9ceeafb48a7fd469348db0cfddd34b7ca4a3ed2e1f5ae894d79d03d1940664

    Score
    10/10
    guloaderdownloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks