guloader | 1f63776926fea26a4bec28ec2ede125b4a2c032415239e744e10b4615d5d1720 | Triage

Submit
Reports

Overview

overview

Static

static

1

Listed Product.exe

windows7-x64

7

Listed Product.exe

windows10-2004-x64

Sharing

General

Target

ListedXProduct.ace
Size

186KB
Sample

221220-h2phaagh96
MD5

436a03c6ca496ea70188b55c126117a4
SHA1

ff92aace72b76618f14c12e8802ccefae7753728
SHA256

1f63776926fea26a4bec28ec2ede125b4a2c032415239e744e10b4615d5d1720
SHA512

5b124543fa24e520678edf6feb4f368e43911b43e8435d046d89b9086a9b1bc8fe385a8b5bba83ada2d3385306eca98df0eed3e78e05124ea5f8ac0a39b0a180
SSDEEP

3072:h6PblRY6M3TtQMgQ0Pc13TA0PZtdZ7NuWfb/9ISj6uDIoQNQpxO5C3k/gzK9Zlx0:oPbl+N3Be013M6v1jlISj2obxOY04zKc

Score

10^/10

guloader snakekeylogger collection downloader keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Listed Product.exe

Resource

win7-20221111-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

Listed Product.exe

Resource

win10v2004-20221111-en

guloader snakekeylogger collection downloader keylogger stealer

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
bscppiX6
Email To:
[email protected]

Targets

- Target
  
  Listed Product.exe
- Size
  
  205KB
- MD5
  
  920e6aa359e5a55f0eee6d64e21c502b
- SHA1
  
  c5643f4d1aed8ec169442d55bde2ad1e6b3dbe7c
- SHA256
  
  e1c5a87cc499041cbf2023a33d0247d4f06ab043df4aa7c68e3e8ffbdbc18942
- SHA512
  
  c674f1cb9187db64b78dd08d94a15e0250f3e414ea2258b15ce6caa48c7185698ad7ce66bf2e255ad92db5b7e7cffaf34f90fc232660ac5333c624d7f3cc67f9
- SSDEEP
  
  6144:7BeJt6S7LVzwAFtpMI9l8cTpuBFrWFRjktOd8nJdf:K7LBNQmUzWPjQOd2T
Score

10^/10

guloader snakekeylogger collection downloader keylogger stealer
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

guloadersnakekeyloggercollectiondownloaderkeyloggerstealer

© 2018-2024

Terms | Privacy