Overview

overview

10

Static

static

Proforma I...OA.exe

windows7-x64

10

Proforma I...OA.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    61410225ef1bc11ee0faca1268d6f79e92909fbb21758e070d146da483efc352

  • Size

    54KB

  • Sample

    220730-1lk42ahdh6

  • MD5

    be1f80ff180e87912560986e84c3b544

  • SHA1

    5390494fcea4ab463fffce99f003d200646ffff4

  • SHA256

    61410225ef1bc11ee0faca1268d6f79e92909fbb21758e070d146da483efc352

  • SHA512

    8a5b3605f0d5d0bf13cabf06d93570b23301612edcbe1a3db74b614ca35d985a318d1414f97f412f63ed210e1cb2c21373e1aaee484b59e3e394ce055a3af207

Score
10/10
guloaderdownloaderguloader

Malware Config

Extracted

Family

guloader

C2

https://drive.google.com/uc?export=download&id=1uqLetSjGzBGadccK_rcmxM_8-6gUA_Af

xor.base64

Targets

    • Target

      Proforma Invoice.OA.exe

    • Size

      120KB

    • MD5

      939ea57906aff547a48f939d7a2d3c10

    • SHA1

      e3f06d100d862fa9bcd621f362de9af804a4fc77

    • SHA256

      66c906d1b2d174c8ab0b3bae95400b148554c97fb4bfec81f3b545c0d1067e15

    • SHA512

      e4b339d96b95a3b3f35dab922d1f5e40220ebfee19d9bc3d88c7db50237ff9debc959ac2110b139bea998d5d9043309fe6c49f7686f9cf1a5b3a6129cfc73ebf

    Score
    10/10
    guloaderdownloaderguloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Guloader payload

      guloader

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks