guloader | bfd13f95b95c437e7f96fa29c687c056bc0ed4aa67893274ddc38a68f81e9a37 | Triage

Sharing

General

Target

bfd13f95b95c437e7f96fa29c687c056bc0ed4aa67893274ddc38a68f81e9a37
Size

60KB
Sample

220701-e13fzadgb6
MD5

401c5beadf4c7e0d28128e94e007af81
SHA1

2ac7ba7677e2d79cec8b4751f5a237e5bd21214c
SHA256

bfd13f95b95c437e7f96fa29c687c056bc0ed4aa67893274ddc38a68f81e9a37
SHA512

c77994dcb051320c3b78d69e94c7c66ccc645ce928790f8738127020e810ef6ec452f8dfb68d6daa4710aea851c10e6003318bec5dc2499b7066049bffc0aac9

Score

10^/10

guloader downloader

Malware Config

Extracted

Family

guloader

C2

https://garyssales.com/c4.bin

xor.base64

Targets

- Target
  
  bfd13f95b95c437e7f96fa29c687c056bc0ed4aa67893274ddc38a68f81e9a37
- Size
  
  60KB
- MD5
  
  401c5beadf4c7e0d28128e94e007af81
- SHA1
  
  2ac7ba7677e2d79cec8b4751f5a237e5bd21214c
- SHA256
  
  bfd13f95b95c437e7f96fa29c687c056bc0ed4aa67893274ddc38a68f81e9a37
- SHA512
  
  c77994dcb051320c3b78d69e94c7c66ccc645ce928790f8738127020e810ef6ec452f8dfb68d6daa4710aea851c10e6003318bec5dc2499b7066049bffc0aac9
Score

10^/10

guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

guloaderdownloader

behavioral2

guloaderdownloader