Overview

overview

10

Static

static

10

SOA.exe

windows7-x64

10

SOA.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    51aec932db01fc08aec8d681c44129d3850bb8a60dfe4632a28eda582123325c

  • Size

    63KB

  • Sample

    220718-qqqj7sdhhp

  • MD5

    0b63fa4f141229a6450a7ad8b5709d8d

  • SHA1

    6e042486716a1e5029e7c84733e070d008e34bb6

  • SHA256

    51aec932db01fc08aec8d681c44129d3850bb8a60dfe4632a28eda582123325c

  • SHA512

    534c59de24e8ffbf4e92452d99036f34c51c385dba7b2af2ff9024db7cbaeed7ef16f27d2b9e35f504ffbea13cde60ea0495a5815ec75496496c3fc3bddbedd6

Score
10/10
guloaderdownloaderguloader

Malware Config

Extracted

Family

guloader

C2

https://drive.google.com/uc?export=download&id=1fnZYdfwUJYzHFLrXgG7wIq6WxcijjIHV

xor.base64

Targets

    • Target

      SOA.exe

    • Size

      188KB

    • MD5

      513180affbaff85bb0fc7cfda975eed0

    • SHA1

      2c2a6467f735c400cd6d6b7bd134c88170b53c64

    • SHA256

      05804946495c374598d2e32fe407b86a8668fb67b28591953ee320e3b71d63c3

    • SHA512

      88c0e48c17ee5f0e15d0047934e5f4dc845dadf56bbd4304e8dfe8283c1e6f52282c4a602da872abc5bc769c6c569d5d1755d331c7e396ee742f1b81ab003675

    Score
    10/10
    guloaderdownloaderguloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Guloader payload

      guloader

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks