Overview

overview

10

Static

static

10

TNT Origin...ce.scr

windows7_x64

10

TNT Origin...ce.scr

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    23397adcd06190cdab44c5da6774177044f4019685d013fb458a3aadbb26b049

  • Size

    18KB

  • Sample

    220701-r624lsgghl

  • MD5

    0c85bef45d7f941583441722b9b8736b

  • SHA1

    39f21786caf4fe651f7d3f0a3e8ca2f6315068ee

  • SHA256

    23397adcd06190cdab44c5da6774177044f4019685d013fb458a3aadbb26b049

  • SHA512

    14e5ee06acca8a5a6424fee2d0ebe7776b6aa474b8eca5db2581a499ecd1c987c0decca2ac2b9d08645d55d3e07d27cac69f4e18ef159c8be2aa6147865739ae

Score
10/10
guloaderdownloaderguloader

Malware Config

Extracted

Family

guloader

C2

https://drive.google.com/uc?export=download&id=1Xu-EBHrFFCps27uSuZn8x9gpuvb2NinM

xor.base64

Targets

    • Target

      TNT Original Invoice.scr

    • Size

      56KB

    • MD5

      225f9b295408d8e092a508ee31bb8888

    • SHA1

      6bb0189a2b0b47d9543f9677c00777560970d3b2

    • SHA256

      48d2c69c57d3408576c61445c567193bafaf5cdeedc0b5132f0493d7d0630db8

    • SHA512

      616539164e4a647bc06b4185ca4fec838dbf83458fb7b13c1093dc466a28b3f5aa6aa99941456c051e015e8e7bf6c055e3bbcba0717daf2435925d5c43cdfa17

    Score
    10/10
    guloaderdownloaderguloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Guloader Payload

      guloader

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks