General
-
Target
46ca6b60ad6492b4548cb25c5e7ff6981bf7f0a7961743222dc3f25d1f12280b
-
Size
60KB
-
Sample
221125-krbjsaaa4v
-
MD5
daaff39b3854fe5ef5427eec52265fd8
-
SHA1
4ad3c1cbfc9a19a245195e5044d53a2d26e447f7
-
SHA256
46ca6b60ad6492b4548cb25c5e7ff6981bf7f0a7961743222dc3f25d1f12280b
-
SHA512
aa24e27ea4b92dc55abb6f071f03e8f1b99125ee71716d6e66bc969e0d680d5d9d6147946a2a58a72860f4bc8ee630a4ed9c60c676aad610bd00e177c77b8452
-
SSDEEP
768:xxT8RY10ew25PbGU98RYRlpsZebyk+AnYgQThfnDTdt9z:xiyhGU98CDpsZeb7ng
Malware Config
Extracted
guloader
https://drive.google.com/uc?export=download&id=1x3EIvAyvaXVzTC7xfLdkikFqCA1reHig
Targets
-
-
Target
46ca6b60ad6492b4548cb25c5e7ff6981bf7f0a7961743222dc3f25d1f12280b
-
Size
60KB
-
MD5
daaff39b3854fe5ef5427eec52265fd8
-
SHA1
4ad3c1cbfc9a19a245195e5044d53a2d26e447f7
-
SHA256
46ca6b60ad6492b4548cb25c5e7ff6981bf7f0a7961743222dc3f25d1f12280b
-
SHA512
aa24e27ea4b92dc55abb6f071f03e8f1b99125ee71716d6e66bc969e0d680d5d9d6147946a2a58a72860f4bc8ee630a4ed9c60c676aad610bd00e177c77b8452
-
SSDEEP
768:xxT8RY10ew25PbGU98RYRlpsZebyk+AnYgQThfnDTdt9z:xiyhGU98CDpsZeb7ng
Score10/10-
Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
-
Guloader payload
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-