Overview

overview

10

Static

static

Shipment ...12.exe

windows7_x64

10

Shipment ...12.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    75dee70b0047e52c6f917d72cd604aa2ae7a84ebc93b9884e3c26267d601bb99

  • Size

    19KB

  • Sample

    220701-sdgsmsagf4

  • MD5

    a30dd138d63c03109308bb2a50ccf55d

  • SHA1

    8b6ba7c70dd1d7be431e9da0548d52265924633a

  • SHA256

    75dee70b0047e52c6f917d72cd604aa2ae7a84ebc93b9884e3c26267d601bb99

  • SHA512

    12938148284f11d73407181f095ffa852f598a7a891b8fbb090a7fb4fc878edd4ebbf880769e5644a7f8b5da4a57ca626e2336ee52d5a9a8d75b2b81aa83bda3

Score
10/10
guloaderdownloaderguloader

Malware Config

Extracted

Family

guloader

C2

https://drive.google.com/uc?export=download&id=1NyXP84dulE0oDd6gCNcC5COgBELKShl5

xor.base64

Targets

    • Target

      Shipment Doc_58895592612.exe

    • Size

      64KB

    • MD5

      ca44231475c356476956fe42f9d22f9d

    • SHA1

      2b7ee5dae6182ff36430316bef7810d8bd29d89a

    • SHA256

      710e897de806be68f2888fa89da4479429409cae595a8c7f8c582cc0de722083

    • SHA512

      f6fafddba8ee2194e7206aaf1739bbd4aa72b687676e9df08810e05ed8c11373da494a1a87a3b0b8bb511917232f2926908e48f2a6b337d7cd505333aa8148b3

    Score
    10/10
    guloaderdownloaderguloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Guloader Payload

      guloader

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks