Overview

overview

10

Static

static

PO79024.exe

windows7_x64

10

PO79024.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7a38a88227a31acef6f3130d11535b644a60b21900901e365c76c09e7df48488

  • Size

    22KB

  • Sample

    220701-r79j3sghen

  • MD5

    7363c80fe618895d0fa8e7b62d8a51a3

  • SHA1

    557a42dbec82e223f4bdc2e9a2bb8310d855eee4

  • SHA256

    7a38a88227a31acef6f3130d11535b644a60b21900901e365c76c09e7df48488

  • SHA512

    4f804b26d4520bcd98dbe7ae48d248c2b96b9a5b1d13f2ff467ab41d0ebce5bfbcbf1a46a8fdfbf8a4fd4e4c05b221bbaf923babf811e90d64d0addd20783be3

Score
10/10
guloaderdownloaderguloader

Malware Config

Extracted

Family

guloader

C2

https://drive.google.com/uc?export=download&id=1LnoRNotpNCWFQS8vXYufgQtJ8WVULDEd

xor.base64

Targets

    • Target

      PO79024.exe

    • Size

      68KB

    • MD5

      7a26334fd827738fb207b6757f49e85d

    • SHA1

      aaef081824a2a0e4cb193e7a8a5d45aa2ac1463c

    • SHA256

      fe29dfd5cbc6b588ef00f19b48463a0fe9e56416e087a2615d59edb393c027d4

    • SHA512

      d4330089d1e2844e15ce14bb341643f69a2d7e06a64dbb00e17892fca517ea193435a8fb68062073daf5e59f4cdfa8799e9b664ae8c3a4169b018c87acae2a8f

    Score
    10/10
    guloaderdownloaderguloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Guloader Payload

      guloader

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks