guloader | 0ac3073365fd3895969d8a99d1b8574dc08a814065908251da23fe37375ec1c4 | Triage

Submit
Reports

Overview

overview

Static

static

YENİ FATU...ME.exe

windows7-x64

7

YENİ FATU...ME.exe

windows10-2004-x64

Sharing

General

Target

YENİ FATURA ÖDEME.exe
Size

374KB
Sample

220930-mxtcwseccn
MD5

0d051bde23f731b95d3cdbc8d57becc8
SHA1

fd9b5a9229335b70e3760ec4105a848e5b53b0ba
SHA256

0ac3073365fd3895969d8a99d1b8574dc08a814065908251da23fe37375ec1c4
SHA512

fa2ba28574a3da1b4e984100cf9364bfe4bce44aba977898034ed6bd1f0f2ed41f7ac5ea2cb398b4d58b4840a1a30b67f268d134d45bf8063bf6e3e582298215
SSDEEP

6144:4B+pgU+ihA+E/vke3h5RwL5/OymSH9ZS4p/d8NG:4gGionkeTRwL5/vJTSC80

Score

10^/10

guloader njrat hacked discovery downloader trojan

Static task

static1

Behavioral task

behavioral1

Sample

YENİ FATURA ÖDEME.exe

Resource

win7-20220812-en

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

YENİ FATURA ÖDEME.exe

Resource

win10v2004-20220901-en

guloader njrat hacked discovery downloader trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

njrat

Version

v2.0

Botnet

HacKed

C2

45.155.165.74:7778

Mutex

Windows

Attributes

reg_key
Windows
splitter
|-F-|

Targets

- Target
  
  YENİ FATURA ÖDEME.exe
- Size
  
  374KB
- MD5
  
  0d051bde23f731b95d3cdbc8d57becc8
- SHA1
  
  fd9b5a9229335b70e3760ec4105a848e5b53b0ba
- SHA256
  
  0ac3073365fd3895969d8a99d1b8574dc08a814065908251da23fe37375ec1c4
- SHA512
  
  fa2ba28574a3da1b4e984100cf9364bfe4bce44aba977898034ed6bd1f0f2ed41f7ac5ea2cb398b4d58b4840a1a30b67f268d134d45bf8063bf6e3e582298215
- SSDEEP
  
  6144:4B+pgU+ihA+E/vke3h5RwL5/OymSH9ZS4p/d8NG:4gGionkeTRwL5/vJTSC80
Score

10^/10

discovery guloader njrat hacked downloader trojan
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Drops startup file
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

guloadernjrathackeddiscoverydownloadertrojan

© 2018-2024

Terms | Privacy