Analysis
max time kernel
131s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags
arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
submitted
29-01-2023 21:57
Static task
static1
Behavioral task
behavioral1
Sample
958521575f39a02c9b3392e6165cd345d70364cd93d0e080f3f6b6fa3db4936d.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
958521575f39a02c9b3392e6165cd345d70364cd93d0e080f3f6b6fa3db4936d.exe
Resource
win10v2004-20221111-en
General
Target
958521575f39a02c9b3392e6165cd345d70364cd93d0e080f3f6b6fa3db4936d.exe
Size
128KB
MD5
2e21d4608f3a76c51e9ae57b04197737
SHA1
d8b7d2b2857ee07b512a29da5062616a5846f805
SHA256
958521575f39a02c9b3392e6165cd345d70364cd93d0e080f3f6b6fa3db4936d
SHA512
b77e9ea93611295b5ce29cf1a6bcdd8cdda29a03d5c67de1de5f1766ba8365c1901d87c827435859380fb34799bf2f0941a19ed964cc09e9b2a5e6b7265547b7
SSDEEP
3072:6pTSnUpuMZu+IeOFd8Er1NizJ+DZNJ+I:cSnUhhOFd8Er1NizJk
Malware Config
Extracted
guloader
https://drive.google.com/uc?export=download&id=1ArGHlkiCQW6Ppt3Uw5cPS76717BetDXa
Signatures
Guloader, Cloudeye
A shellcode-based downloader first seen in 2020.
Guloader payload 1 IoCs
Processes:
resource: behavioral2/memory/3124-134-0x0000000002230000-0x000000000223D000-memory.dmp
yara_rule: family_guloader
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
description: 958521575f39a02c9b3392e6165cd345d70364cd93d0e080f3f6b6fa3db4936d.exe
pid: 3124
process: 958521575f39a02c9b3392e6165cd345d70364cd93d0e080f3f6b6fa3db4936d.exe
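The hashes, ssdeep signature, extracted GuLoader config URL and YARA memory hit above are only useful once they are in a shape a SIEM or threat-intel platform can key on. The script below is an added example, not part of the original report or of any sandbox vendor's tooling: the indicator strings are copied from this report, while the memory-dump resource-name layout (`<task>/memory/<pid>-<seq>-<start>-<end>-memory.dmp`), the IoC field names and the output schema are this example's own assumptions. It validates each digest before emitting it, decodes which process and address range the `family_guloader` rule fired on, and pulls the Google Drive file id out of the payload URL.

```python
"""Turn this sandbox report's indicators into hunt-ready IoCs.

Added example; not part of the original report or of any sandbox vendor's
tooling. The indicator strings are copied from the report; the parsing
helpers, field names and the output layout are this example's own.
"""
import re
from urllib.parse import parse_qs, urlparse

# Copied from the report's General / Malware Config / Signatures sections.
REPORT_HASHES = {
    "md5": "2e21d4608f3a76c51e9ae57b04197737",
    "sha1": "d8b7d2b2857ee07b512a29da5062616a5846f805",
    "sha256": "958521575f39a02c9b3392e6165cd345d70364cd93d0e080f3f6b6fa3db4936d",
    "sha512": "b77e9ea93611295b5ce29cf1a6bcdd8cdda29a03d5c67de1de5f1766ba8365c1"
              "901d87c827435859380fb34799bf2f0941a19ed964cc09e9b2a5e6b7265547b7",
}
REPORT_SSDEEP = "3072:6pTSnUpuMZu+IeOFd8Er1NizJ+DZNJ+I:cSnUhhOFd8Er1NizJk"
GULOADER_URL = ("https://drive.google.com/uc?export=download"
                "&id=1ArGHlkiCQW6Ppt3Uw5cPS76717BetDXa")
MEMORY_HIT = ("behavioral2/memory/3124-134-0x0000000002230000-"
              "0x000000000223D000-memory.dmp")

HEX_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def validate_hashes(hashes):
    """Keep only digests that are lowercase hex of the right length.

    A digest truncated or wrapped during copy/paste is the wrong length;
    pushing it into a blocklist unchecked simply matches nothing.
    """
    return {
        algo: digest
        for algo, digest in hashes.items()
        if algo in HEX_LENGTHS
        and re.fullmatch(r"[0-9a-f]{%d}" % HEX_LENGTHS[algo], digest)
    }


def parse_ssdeep(sig):
    """Split an ssdeep signature into (block size, chunk, double-block chunk)."""
    block, chunk, double = sig.split(":", 2)
    return int(block), chunk, double


# Assumed layout of the sandbox's memory-dump resource names (this example's
# assumption, inferred from the one name in the report):
#   <task>/memory/<pid>-<seq>-<start>-<end>-memory.dmp
MEMORY_RE = re.compile(
    r"^(?P<task>[^/]+)/memory/(?P<pid>\d+)-(?P<seq>\d+)-"
    r"(?P<start>0x[0-9A-Fa-f]+)-(?P<end>0x[0-9A-Fa-f]+)-memory\.dmp$"
)


def parse_memory_hit(resource):
    """Decode which process and which address range the YARA rule fired on."""
    m = MEMORY_RE.match(resource)
    if m is None:
        raise ValueError(f"unrecognised memory resource name: {resource}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted region: {resource}")
    return {
        "task": m["task"],
        "pid": int(m["pid"]),
        "start": start,
        "end": end,
        "size": end - start,  # 0xD000 (53248 bytes) for the report's hit
    }


def drive_file_id(url):
    """Return the Google Drive file id from a uc?export=download URL, else None.

    drive.google.com is shared infrastructure, so the file id rather than
    the host is the indicator worth blocking or hunting for.
    """
    u = urlparse(url)
    if u.scheme != "https" or u.netloc != "drive.google.com" or u.path != "/uc":
        return None
    params = parse_qs(u.query)
    if params.get("export") != ["download"]:
        return None
    return params.get("id", [None])[0]


def build_iocs(hashes=REPORT_HASHES, ssdeep=REPORT_SSDEEP,
               url=GULOADER_URL, memory_hit=MEMORY_HIT):
    """Assemble a flat IoC list; the "type" keys are this example's own schema."""
    iocs = [{"type": f"file.hash.{algo}", "value": d}
            for algo, d in sorted(validate_hashes(hashes).items())]
    block, _, _ = parse_ssdeep(ssdeep)
    iocs.append({"type": "file.ssdeep", "value": ssdeep, "block_size": block})
    iocs.append({"type": "url", "value": url, "tag": "guloader-payload"})
    fid = drive_file_id(url)
    if fid:
        iocs.append({"type": "gdrive.file_id", "value": fid})
    region = parse_memory_hit(memory_hit)
    iocs.append({"type": "memory.region", "rule": "family_guloader", **region})
    return iocs


if __name__ == "__main__":
    for ioc in build_iocs():
        print(ioc)
```

Running the script prints one record per indicator. Two points the report alone does not make explicit: the YARA hit is a 0xD000-byte region inside pid 3124, which tells a responder where to carve the shellcode from a live dump of the process, and the GuLoader config URL points at Google Drive, so the `id` parameter is the actionable indicator while the domain should not be blocked.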