Overview

overview

10

Static

static

662a8d56ec...00.exe

windows7-x64

10

662a8d56ec...00.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    662a8d56ec465a96b1251f29c94bee20f3e30bd5a3a632fa3904c42a6840ef00

  • Size

    247KB

  • Sample

    230116-2vh7gaeh33

  • MD5

    ec9bab61ebd369e7da67844842659e21

  • SHA1

    e951d295b858224e241bc47446906a49f6ee4717

  • SHA256

    662a8d56ec465a96b1251f29c94bee20f3e30bd5a3a632fa3904c42a6840ef00

  • SHA512

    d47038cde13d0ce7014f9a1cef0bd43191ca60dfbded8783540bfc558a63f9f60459c34563e3f1cfcc1d3ad279ce319715ba06521568e0868bb8b8cbf64f3cd1

  • SSDEEP

    6144:iT4Dt+KsyVTQuVy808j/EP/BhmHbOA7G2DzSK:iTKtVTQur084/BhM/rCK

Score
10/10
guloaderdownloader

Malware Config

Targets

    • Target

      662a8d56ec465a96b1251f29c94bee20f3e30bd5a3a632fa3904c42a6840ef00

    • Size

      247KB

    • MD5

      ec9bab61ebd369e7da67844842659e21

    • SHA1

      e951d295b858224e241bc47446906a49f6ee4717

    • SHA256

      662a8d56ec465a96b1251f29c94bee20f3e30bd5a3a632fa3904c42a6840ef00

    • SHA512

      d47038cde13d0ce7014f9a1cef0bd43191ca60dfbded8783540bfc558a63f9f60459c34563e3f1cfcc1d3ad279ce319715ba06521568e0868bb8b8cbf64f3cd1

    • SSDEEP

      6144:iT4Dt+KsyVTQuVy808j/EP/BhmHbOA7G2DzSK:iTKtVTQur084/BhM/rCK

    Score
    10/10
    guloaderdownloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks