977d67c533ee62147f1c941b680a11e900ed83574bf3e2c3a29e842f25c4779d

General

Target: 977d67c533ee62147f1c941b680a11e900ed83574bf3e2c3a29e842f25c4779d
Size: 24KB
Sample: 220521-xy7l1sgabp
Score: 10/10
MD5: 664485aa4a48dd73f5e9cc4044baaaa2
SHA1: 5e819932f512fd0c1fa60f2e0ae617ecbc370394
SHA256: 977d67c533ee62147f1c941b680a11e900ed83574bf3e2c3a29e842f25c4779d
SHA512: f29e42720d332cbee2ee6779429949dfa24546bfed27a253e426343f0f31c22c8601c206abcbabbe40c056d0455efda5730265ffcf3c75e5e5e6e599e49b4a47

Malware Config

Extracted

Family: guloader
C2: https://drive.google.com/uc?export=download&id=1SxDM6GGV4qlGFgGvRFhzDr_ALJPLe5wr
Encoding: xor.base64
Targets

Target: scan_004768.pdf.exe
MD5: 586552ad9112f084e84c2111cad12ec2
Filesize: 84KB
Score: 10/10
SHA1: 48a50e32aefe8cc29de241c33a91e4ea6c9f7d4b
SHA256: bb5e9e2aea9052040d072c9c9b161d2d5a88c50b049e5a505b016e80910256a0
SHA512: 93a35be4aaecae9a6e118af85ef78d4041ca54b8b18d1bfb6b7acd0827d8f05b1d3f399e9227ed1e5ff53ddaa44588d451d987a98e34f68f957d33a1049c7894
Signatures

  • Guloader, Cloudeye

    Description: A shellcode-based downloader first seen in 2020.

  • Executes dropped EXE

  • Checks QEMU agent state file

    Description: Checks the state file used by the QEMU guest agent, possibly to detect virtualization.

    TTPs: Query Registry; Virtualization/Sandbox Evasion

  • Checks computer location settings

    Description: Looks up the country code configured in the registry, likely for geofencing.

    TTPs: Query Registry; System Information Discovery

  • Loads dropped DLL

  • Adds Run key to start application

    TTPs: Registry Run Keys / Startup Folder; Modify Registry

  • Legitimate hosting services abused for malware hosting/C2

    TTPs: Web Service

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

Tasks

static1
behavioral1: 10/10
behavioral2: 10/10