Overview

overview

10

Static

static

1c7021977b...bf.exe

windows7_x64

10

1c7021977b...bf.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1c7021977bfa2a35b79e059a0937ced628d50b79b8940e70e0505f13b381a4bf

  • Size

    80KB

  • Sample

    220707-ylfs7shfhn

  • MD5

    698482b9819bcf8973fba7e0deaf862e

  • SHA1

    023a888790843bd788483da56b0422981dd4e826

  • SHA256

    1c7021977bfa2a35b79e059a0937ced628d50b79b8940e70e0505f13b381a4bf

  • SHA512

    10cd41330d30903cae38b21cf46e7ae4aea5bc694effe28df78799912f11009b08c48bed9855a016d256cc0080a99c8bdc03f95afa25c2d1872914f4f7675d7d

Score
10/10
guloaderdownloaderguloader

Malware Config

Extracted

Family

guloader

C2

https://drive.google.com/uc?export=download&id=1uIC_VY6SuPUt6vF_2WvqGhzus4onPU4o

xor.base64

Targets

    • Target

      1c7021977bfa2a35b79e059a0937ced628d50b79b8940e70e0505f13b381a4bf

    • Size

      80KB

    • MD5

      698482b9819bcf8973fba7e0deaf862e

    • SHA1

      023a888790843bd788483da56b0422981dd4e826

    • SHA256

      1c7021977bfa2a35b79e059a0937ced628d50b79b8940e70e0505f13b381a4bf

    • SHA512

      10cd41330d30903cae38b21cf46e7ae4aea5bc694effe28df78799912f11009b08c48bed9855a016d256cc0080a99c8bdc03f95afa25c2d1872914f4f7675d7d

    Score
    10/10
    guloaderdownloaderguloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Guloader payload

      guloader

    • Checks QEMU agent state file

      Checks state file used by QEMU agent, possibly to detect virtualization.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Query Registry

1
T1012

Virtualization/Sandbox Evasion

1
T1497

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks