guloader | 2beb372c916528fc943ad19a8e02729979cae0eae9f1f56f478f5240d2492b81 | Triage

Submit
Reports

Overview

overview

Static

static

8

evil.doc

windows10-2004_x64

Resubmissions

04-07-2022 18:03

220704-wnazmaceg3 10

04-07-2022 17:47

220704-wc2yzaceb9 8

Sharing

General

Target

evil.doc
Size

534KB
Sample

220704-wnazmaceg3
MD5

18cfa7d7480f836e32b024bbb6400f2f
SHA1

dd643576cc4a8012a6c48c73fb625e5c44d3b371
SHA256

2beb372c916528fc943ad19a8e02729979cae0eae9f1f56f478f5240d2492b81
SHA512

2389b80ae93431b3c8b6896cf9597980a956d708009dbae76dbbf933eb96378a50f877d6b59315612aaf5295ba9f06fc3c00e301c47c66d7d3654d3ac0b75421

Score

10^/10

guloader netwire botnet downloader macro macro_on_action stealer

Static task

static1

macro macro_on_action

Behavioral task

behavioral1

Sample

evil.doc

Resource

win10v2004-20220414-en

guloader netwire botnet downloader stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  evil.doc
- Size
  
  534KB
- MD5
  
  18cfa7d7480f836e32b024bbb6400f2f
- SHA1
  
  dd643576cc4a8012a6c48c73fb625e5c44d3b371
- SHA256
  
  2beb372c916528fc943ad19a8e02729979cae0eae9f1f56f478f5240d2492b81
- SHA512
  
  2389b80ae93431b3c8b6896cf9597980a956d708009dbae76dbbf933eb96378a50f877d6b59315612aaf5295ba9f06fc3c00e301c47c66d7d3654d3ac0b75421
Score

10^/10

guloader netwire botnet downloader stealer
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

macromacro_on_action

behavioral1

guloadernetwirebotnetdownloaderstealer

© 2018-2024

Terms | Privacy