guloader | 3accd14e8e0904a392b11b16572cd5d2db290f73cf4494531072408e0e8315f3 | Triage

Submit
Reports

Overview

overview

Static

static

3accd14e8e...f3.exe

windows7_x64

3accd14e8e...f3.exe

windows10-2004_x64

Sharing

General

Target

3accd14e8e0904a392b11b16572cd5d2db290f73cf4494531072408e0e8315f3
Size

68KB
Sample

220703-xffetaefe8
MD5

6638bc78f2982b626882ef0a8f2691ad
SHA1

cfe9f9a48ff33b1cbbb98bd11912a9d02812ac3b
SHA256

3accd14e8e0904a392b11b16572cd5d2db290f73cf4494531072408e0e8315f3
SHA512

260c9c42465122adf87ae9af3723ec922f9badeb9a12e4211c4221be40dd39e492e9efef96eca3dc47198ca9b97be12086ae79cc283479bf365dcecff2a4dfe8

Score

10^/10

guloader downloader guloader persistence

Static task

static1

Behavioral task

behavioral1

Sample

3accd14e8e0904a392b11b16572cd5d2db290f73cf4494531072408e0e8315f3.exe

Resource

win7-20220414-en

guloader downloader guloader persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

3accd14e8e0904a392b11b16572cd5d2db290f73cf4494531072408e0e8315f3.exe

Resource

win10v2004-20220414-en

guloader downloader guloader persistence

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

guloader

C2

https://drive.google.com/uc?export=download&id=1UPSdmz5-CbjEG0swZp8Jimwt4JW5ee8e

xor.base64

Targets

- Target
  
  3accd14e8e0904a392b11b16572cd5d2db290f73cf4494531072408e0e8315f3
- Size
  
  68KB
- MD5
  
  6638bc78f2982b626882ef0a8f2691ad
- SHA1
  
  cfe9f9a48ff33b1cbbb98bd11912a9d02812ac3b
- SHA256
  
  3accd14e8e0904a392b11b16572cd5d2db290f73cf4494531072408e0e8315f3
- SHA512
  
  260c9c42465122adf87ae9af3723ec922f9badeb9a12e4211c4221be40dd39e492e9efef96eca3dc47198ca9b97be12086ae79cc283479bf365dcecff2a4dfe8
Score

10^/10

guloader downloader guloader persistence
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Guloader Payload
  guloader
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

guloaderdownloaderguloaderpersistence

behavioral2

guloaderdownloaderguloaderpersistence

© 2018-2024

Terms | Privacy