Overview

overview

10

Static

static

cbd2d9962e...dd.exe

windows7_x64

10

cbd2d9962e...dd.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cbd2d9962e762a0966820cee65ddf544456d00b1dc65974355ac241f65b65fdd

  • Size

    60KB

  • Sample

    220625-dep33sdgc8

  • MD5

    969476dfddb18b75a99e52da0d34921e

  • SHA1

    0b25af64985c4001584285ed240924c8c8c6fecb

  • SHA256

    cbd2d9962e762a0966820cee65ddf544456d00b1dc65974355ac241f65b65fdd

  • SHA512

    43945d9651af2a4dd2fb7c42a76f2420f251896de1cfcf539b303fbf2b1bd7631f208edd646738581e5219fd1be8328a7ada270f8e5d32ee01cf3327a791d635

Score
10/10
guloaderdownloader

Malware Config

Extracted

Family

guloader

C2

https://drive.google.com/uc?export=download&id=1zREeSmej9mMiM6QRS_Zww_oRjG5Uva2U

xor.base64

Targets

    • Target

      cbd2d9962e762a0966820cee65ddf544456d00b1dc65974355ac241f65b65fdd

    • Size

      60KB

    • MD5

      969476dfddb18b75a99e52da0d34921e

    • SHA1

      0b25af64985c4001584285ed240924c8c8c6fecb

    • SHA256

      cbd2d9962e762a0966820cee65ddf544456d00b1dc65974355ac241f65b65fdd

    • SHA512

      43945d9651af2a4dd2fb7c42a76f2420f251896de1cfcf539b303fbf2b1bd7631f208edd646738581e5219fd1be8328a7ada270f8e5d32ee01cf3327a791d635

    Score
    10/10
    guloaderdownloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks