guloader | 4b9dd65ba698f3c87ff4526f8486bf5d92d6e84a69a9066783c60a6502fcf9c4 | Triage

Sharing

General

Target

4b9dd65ba698f3c87ff4526f8486bf5d92d6e84a69a9066783c60a6502fcf9c4
Size

52KB
Sample

221125-kcmnhahb3x
MD5

56d6212310c5ab3edf20f0edaf925b27
SHA1

2fc6d933ce07d8d14d908554c200925136fd014c
SHA256

4b9dd65ba698f3c87ff4526f8486bf5d92d6e84a69a9066783c60a6502fcf9c4
SHA512

52d80436d54d25a5383766755147d5ba8a51d2f3071ae9116b31b5e37e9e700bdffc71d2ae5474ce016988f3d3b79961acbcc03ad04cd6eaf99deb248594187d
SSDEEP

384:snvKasK0S11V+bv+cmz7xeEXvwhwtvIMXkO4IJqErcGATIKG:snvyKcbv+cmXhfwh0wMXBjYE4GAz

Score

10^/10

guloader downloader

Malware Config

Extracted

Family

guloader

C2

http://ribbonlogistics.com/js/jquery/public/cagefs/files/bin/9UJYHT.bin

https://www.mastqalander.pk/deal-manager/.well-known/pki-validation/9UJYHT.bin

xor.base64

Targets

- Target
  
  4b9dd65ba698f3c87ff4526f8486bf5d92d6e84a69a9066783c60a6502fcf9c4
- Size
  
  52KB
- MD5
  
  56d6212310c5ab3edf20f0edaf925b27
- SHA1
  
  2fc6d933ce07d8d14d908554c200925136fd014c
- SHA256
  
  4b9dd65ba698f3c87ff4526f8486bf5d92d6e84a69a9066783c60a6502fcf9c4
- SHA512
  
  52d80436d54d25a5383766755147d5ba8a51d2f3071ae9116b31b5e37e9e700bdffc71d2ae5474ce016988f3d3b79961acbcc03ad04cd6eaf99deb248594187d
- SSDEEP
  
  384:snvKasK0S11V+bv+cmz7xeEXvwhwtvIMXkO4IJqErcGATIKG:snvyKcbv+cmXhfwh0wMXBjYE4GAz
Score

10^/10

guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

guloaderdownloader

behavioral2

guloaderdownloader