Analysis
max time kernel: 64s
max time network: 32s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
submitted: 30-11-2022 17:31
Static task: static1
Behavioral task: behavioral1
Sample: 79d10ba0ee3b864953c9a46f1e231aab48efbf91e27325e5d83743a92ba225b8.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: 79d10ba0ee3b864953c9a46f1e231aab48efbf91e27325e5d83743a92ba225b8.exe
Resource: win10v2004-20221111-en
General
Target: 79d10ba0ee3b864953c9a46f1e231aab48efbf91e27325e5d83743a92ba225b8.exe
Size: 80KB
MD5: 5c5c4cce6f8c9386b90a49556ec00733
SHA1: c28253e203bf0fedd86815deca56493b1362602a
SHA256: 79d10ba0ee3b864953c9a46f1e231aab48efbf91e27325e5d83743a92ba225b8
SHA512: 696e37ca1a3a77344409c019e07050d2e3d817f5f789ecc40636e42ac1485edb6c90926d83f4866a78da6727d8c53ecedb8822e07be67e0aca51a302e739742a
SSDEEP: 768:4ABlsFBTnjIsNALaLAHYXnl7m7nl9imAN53LkvemH5CfRbMIr:HlOBjNlL8YVq7nlsVxNmAJB
Malware Config
Extracted
guloader
https://drive.google.com/uc?export=download&id=1OnLl_UVjzKc69AYy3Qv2_CYgHl7YVtTK
Signatures
Guloader, Cloudeye
A shellcode-based downloader first seen in 2020.
Guloader payload (1 IoC)
Processes:
resource: behavioral1/memory/1940-56-0x0000000000390000-0x000000000039B000-memory.dmp
yara_rule: family_guloader
Suspicious use of SetWindowsHookEx (1 IoC)
Processes:
pid: 1940
process: 79d10ba0ee3b864953c9a46f1e231aab48efbf91e27325e5d83743a92ba225b8.exe
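The script below is an added example and is not part of the sandbox report or of the sandbox's own tooling. It copies the hash values, the memory-dump resource name from the family_guloader YARA hit and the extracted download URL from the report above, and shows how an analyst would use them: confirm that a file on disk is the same sample the report describes, decode which process and which memory region the YARA rule fired on, and pull the Google Drive file id out of the download URL for blocklisting. Two things are assumptions rather than facts from the report: the dump-name layout task/memory/pid-index-0xstart-0xend-memory.dmp (inferred from the one name on the page, with the middle number treated as a per-process dump index) and 4 KiB pages when converting the region size to a page count.

```python
"""Added example (not from the sandbox report): check a candidate file
against the report's hashes, decode the memory-dump region name behind
the family_guloader YARA hit, and extract the Drive file id from the
extracted GuLoader download URL.

Assumed (not stated by the report): dump names look like
<task>/memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp, where <index>
is taken to be a per-process dump counter, and the region is [start, end)
with 4 KiB pages.
"""
import hashlib
import re
from urllib.parse import parse_qs, urlparse

# Hash values copied from the "General" section of the report.
REPORT_HASHES = {
    "md5": "5c5c4cce6f8c9386b90a49556ec00733",
    "sha1": "c28253e203bf0fedd86815deca56493b1362602a",
    "sha256": "79d10ba0ee3b864953c9a46f1e231aab48efbf91e27325e5d83743a92ba225b8",
    "sha512": ("696e37ca1a3a77344409c019e07050d2e3d817f5f789ecc40636e42ac1485edb"
               "6c90926d83f4866a78da6727d8c53ecedb8822e07be67e0aca51a302e739742a"),
}

# Memory-dump resource copied from the family_guloader signature above.
REPORT_MEMDUMP = "behavioral1/memory/1940-56-0x0000000000390000-0x000000000039B000-memory.dmp"

# Download URL copied from the extracted GuLoader config above.
REPORT_URL = "https://drive.google.com/uc?export=download&id=1OnLl_UVjzKc69AYy3Qv2_CYgHl7YVtTK"


def digests(data: bytes) -> dict:
    """Hex digests of `data` for every algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes, expected: dict = REPORT_HASHES) -> dict:
    """Per-algorithm comparison. Any mismatch means a different file; a match
    on some algorithms but not others points at a transcription error in the
    IoC list rather than at the file."""
    got = digests(data)
    return {name: got[name] == value.lower() for name, value in expected.items()}


# Assumed dump-name layout (see module docstring).
_MEMDUMP_RE = re.compile(
    r"^(?P<task>[^/]+)/memory/(?P<pid>\d+)-(?P<index>\d+)"
    r"-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


def parse_memdump_name(name: str) -> dict:
    """Decode task, pid, dump index and the dumped region from a dump name."""
    m = _MEMDUMP_RE.match(name)
    if m is None:
        raise ValueError(f"unrecognised memory dump name: {name!r}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError("region end must lie above region start")
    return {
        "task": m["task"],
        "pid": int(m["pid"]),
        "index": int(m["index"]),
        "start": start,
        "end": end,
        "size": end - start,
        "pages": (end - start) // 0x1000,  # assumes 4 KiB pages
    }


def drive_file_id(url: str) -> str:
    """Return the `id` query parameter of a Google Drive download URL."""
    return parse_qs(urlparse(url).query)["id"][0]


if __name__ == "__main__":
    region = parse_memdump_name(REPORT_MEMDUMP)
    print(f"YARA hit in pid {region['pid']}: {region['size']:#x} bytes "
          f"({region['pages']} pages) at {region['start']:#x}")
    print("Drive file id:", drive_file_id(REPORT_URL))
    # Constructed stand-in for a file under test; the real sample is not embedded here.
    candidate = b"MZ" + b"\x00" * 62
    print("matches report:", matches_report(candidate))
```

Run against a real file with `matches_report(open(path, "rb").read())`; all four algorithms should agree before the rest of the report is taken to describe that file. For the dump name on this page the region decodes to pid 1940, 0xB000 bytes (11 pages) starting at 0x390000, which is the memory the family_guloader rule matched and the first place to look for the decrypted shellcode.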