Overview

overview

10

Static

static

f034d6cc73...31.exe

windows7-x64

10

f034d6cc73...31.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f034d6cc73213f098edd8e326c4346b25bf7fb694c7a4d59c138471f9a1c6531

  • Size

    116KB

  • Sample

    220731-ks94qsghe4

  • MD5

    3d7213ddcbefc0c5f023ddfcc2d3d846

  • SHA1

    ec1367cecf86baec22f2bfb0cd4ce2e0fea331d6

  • SHA256

    f034d6cc73213f098edd8e326c4346b25bf7fb694c7a4d59c138471f9a1c6531

  • SHA512

    4dbcb4faa143bed8ed869196b2a59dd29cad257d00c225b8affc967c05142a45414e112589db7acd60b1b6a5fedccd9fb31578064a8d4564cfd9c5c0fa7cfa51

Score
10/10
guloaderdownloaderguloader

Malware Config

Extracted

Family

guloader

C2

https://drive.google.com/uc?export=download&id=1q-1xTD9weiWyiJIbO51ubhF470YCiWrW

xor.base64

Targets

    • Target

      f034d6cc73213f098edd8e326c4346b25bf7fb694c7a4d59c138471f9a1c6531

    • Size

      116KB

    • MD5

      3d7213ddcbefc0c5f023ddfcc2d3d846

    • SHA1

      ec1367cecf86baec22f2bfb0cd4ce2e0fea331d6

    • SHA256

      f034d6cc73213f098edd8e326c4346b25bf7fb694c7a4d59c138471f9a1c6531

    • SHA512

      4dbcb4faa143bed8ed869196b2a59dd29cad257d00c225b8affc967c05142a45414e112589db7acd60b1b6a5fedccd9fb31578064a8d4564cfd9c5c0fa7cfa51

    Score
    10/10
    guloaderdownloaderguloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Guloader payload

      guloader

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks