guloader | 92d3f3039854249430fa9d8aea81e6813add46a6ed80e3b8934840f48e386124 | Triage

Sharing

General

Target

92d3f3039854249430fa9d8aea81e6813add46a6ed80e3b8934840f48e386124
Size

188KB
Sample

220724-rq4bqsfdg2
MD5

be776a651ec6df65bd524ab1a5c19908
SHA1

0f56947349bcd36118b559f46e908decbe99bebf
SHA256

92d3f3039854249430fa9d8aea81e6813add46a6ed80e3b8934840f48e386124
SHA512

214882b02e774d184ea33c24ba6f504420ae88470c8ba12a22929f4ff94c135a80bfaac5d687424620c8113667aac7e4e0cfab6221a9bcbdff700e226f044ce6

Score

10^/10

guloader downloader

Malware Config

Extracted

Family

guloader

C2

http://84.16.248.166/photo/photo_encrypted_4433460.bin

xor.base64

Targets

- Target
  
  92d3f3039854249430fa9d8aea81e6813add46a6ed80e3b8934840f48e386124
- Size
  
  188KB
- MD5
  
  be776a651ec6df65bd524ab1a5c19908
- SHA1
  
  0f56947349bcd36118b559f46e908decbe99bebf
- SHA256
  
  92d3f3039854249430fa9d8aea81e6813add46a6ed80e3b8934840f48e386124
- SHA512
  
  214882b02e774d184ea33c24ba6f504420ae88470c8ba12a22929f4ff94c135a80bfaac5d687424620c8113667aac7e4e0cfab6221a9bcbdff700e226f044ce6
Score

10^/10

guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

guloaderdownloader

behavioral2

guloaderdownloader