guloader | b598b61f5443239b8c51ebee3de95d33ebe57cf6f3250528fdd94810c3789a90 | Triage

Submit
Reports

Overview

overview

Static

static

SecuriteIn...74.exe

windows7-x64

SecuriteIn...74.exe

windows10-2004-x64

Sharing

General

Target

SecuriteInfo.com.Trojan.KillProc2.9731.8373.22974.exe
Size

460KB
Sample

221202-f52wnsge79
MD5

d389d3526bc35937d3ffc6d2109a876f
SHA1

798e1b2fbea4b2d0b6826fb6c15daf2cc87ad58b
SHA256

b598b61f5443239b8c51ebee3de95d33ebe57cf6f3250528fdd94810c3789a90
SHA512

a5cd970a01c1a356c3345724d39655907d00e05c6698539a890351959b81ed30d378d11812a01f097e2a31e5d4eb271779a2ae86279fbb5fa1421c2766927432
SSDEEP

1536:DWkc8UVJnMQLLI9m9CzsABLaYcfFvKr/63On6BpEoGiV:DN0JnMg8gCzsAFa5fFvKrMQ6BpEoG2

Score

10^/10

guloader downloader guloader persistence

Static task

static1

Behavioral task

behavioral1

Sample

SecuriteInfo.com.Trojan.KillProc2.9731.8373.22974.exe

Resource

win7-20220812-en

guloader downloader guloader persistence

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

SecuriteInfo.com.Trojan.KillProc2.9731.8373.22974.exe

Resource

win10v2004-20220812-en

guloader downloader guloader persistence

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

guloader

C2

https://drive.google.com/uc?export=download&id=1Qjrpw8RUpYAHmEluWbVlH_nfGfr3r4V-

https://www.sendspace.com/pro/dl/v4w6wl

xor.base64

Targets

- Target
  
  SecuriteInfo.com.Trojan.KillProc2.9731.8373.22974.exe
- Size
  
  460KB
- MD5
  
  d389d3526bc35937d3ffc6d2109a876f
- SHA1
  
  798e1b2fbea4b2d0b6826fb6c15daf2cc87ad58b
- SHA256
  
  b598b61f5443239b8c51ebee3de95d33ebe57cf6f3250528fdd94810c3789a90
- SHA512
  
  a5cd970a01c1a356c3345724d39655907d00e05c6698539a890351959b81ed30d378d11812a01f097e2a31e5d4eb271779a2ae86279fbb5fa1421c2766927432
- SSDEEP
  
  1536:DWkc8UVJnMQLLI9m9CzsABLaYcfFvKr/63On6BpEoGiV:DN0JnMg8gCzsAFa5fFvKrMQ6BpEoG2
Score

10^/10

guloader downloader guloader persistence
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Guloader payload
  guloader
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

guloaderdownloaderguloaderpersistence

behavioral2

guloaderdownloaderguloaderpersistence

© 2018-2024

Terms | Privacy