Overview

overview

10

Static

static

Sample Dra...df.exe

windows7-x64

7

Sample Dra...df.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Sample Drawing IMG Purchase Order No.CINVPO20000002344.pdf.r27

  • Size

    565KB

  • Sample

    221215-tykkpscg82

  • MD5

    7926a11fee634234da4d25ef06688fe2

  • SHA1

    5d32c69de76a75f4f91a2f4698bd5cc96f413847

  • SHA256

    2c950f03c05cc4bc0016fef20e6e35c03a5299f97cf46c2748cdfdedcceb3b04

  • SHA512

    c614af7eb4237e2e0af52ba0ad057a493f15b6975eab97ab098e1966c6e873716ee1b427b2107acc53dfadde2beeeed659c2bd6abbbc8e45459c096bbfdcb1d4

  • SSDEEP

    12288:huts7TV4p1chqs8jcfzxf6VKlHe7R1khRAbacklYOVRa2yuyFbg:ke7TV+u55fJ60He7M7cyaptFbg

Score
10/10
guloaderdiscoverydownloader

Malware Config

Targets

    • Target

      Sample Drawing IMG Purchase Order No. CINVPO20000002344.pdf.exe

    • Size

      638KB

    • MD5

      64b2a30bec89e89714b391908fb8ceff

    • SHA1

      ece05a0ce3cb7b1524e607121525dce53d5ef362

    • SHA256

      a18ddbcb974723faec3f0bda9244216649786ca41471cc63049999d0408d7009

    • SHA512

      aa566aee44ef54b562e6bae962595fae352fbeaa8787c0bb60522e3843e99c8e61e0d5144360dcb039c8b35a2b40b497fc02c3e6fdbb79d101befb959c370bfb

    • SSDEEP

      12288:5ms7kmH3YwbAD4IzsdumUV7/fXnG4Jbt1YuVQ7MCnC+xYXTC+bkqspoD:0swets4Iz6rU/fXXXWuVQAwxeWE1b

    Score
    10/10
    discoveryguloaderdownloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks