Overview

overview

10

Static

static

4e7405f1c2...34.exe

windows7-x64

10

4e7405f1c2...34.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4e7405f1c27e723dee7353d2b024c73e46c53872c5d4a031da64dded80b53c34

  • Size

    72KB

  • Sample

    221125-kwzr6sac5v

  • MD5

    2235094ea7814d69ef927b04f5ae99d7

  • SHA1

    5e7ca91b7e8fa62a4c096a9977715a2b87c1dd20

  • SHA256

    4e7405f1c27e723dee7353d2b024c73e46c53872c5d4a031da64dded80b53c34

  • SHA512

    961ba0bfca0785ac227a97648ad33600a27ae1d6b6aec5e9c002e83563d41fdf218a6c1b17c178ddfd395baa6f9ce8c5fed46dd54ad698c390292d3f4367fc88

  • SSDEEP

    1536:n46tqdJnIllfVDYP1zVb+KEwbPzceENxKVb7qdJnIllfVDYP1:4GcJnInU1zVnCsVncJnInU1

Score
10/10
guloaderdownloaderpersistence

Malware Config

Extracted

Family

guloader

C2

https://drive.google.com/uc?export=download&id=1ohieY-C4cvZAlE4IeE-oAipqoPYNKBBu

https://filezico.com/stub2020_encrypted_3F4B900.bin
xor.base64

Targets

    • Target

      4e7405f1c27e723dee7353d2b024c73e46c53872c5d4a031da64dded80b53c34

    • Size

      72KB

    • MD5

      2235094ea7814d69ef927b04f5ae99d7

    • SHA1

      5e7ca91b7e8fa62a4c096a9977715a2b87c1dd20

    • SHA256

      4e7405f1c27e723dee7353d2b024c73e46c53872c5d4a031da64dded80b53c34

    • SHA512

      961ba0bfca0785ac227a97648ad33600a27ae1d6b6aec5e9c002e83563d41fdf218a6c1b17c178ddfd395baa6f9ce8c5fed46dd54ad698c390292d3f4367fc88

    • SSDEEP

      1536:n46tqdJnIllfVDYP1zVb+KEwbPzceENxKVb7qdJnIllfVDYP1:4GcJnInU1zVnCsVncJnInU1

    Score
    10/10
    guloaderdownloaderpersistence

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks