Analysis
max time kernel: 42s
max time network: 45s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 29-01-2023 15:22
Static task: static1
Behavioral task: behavioral1
  Sample: 2a6bc2d4b52a48b0653f02917d5f136d2a9767a198b13b4d4e5f9c0e66fc0546.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 2a6bc2d4b52a48b0653f02917d5f136d2a9767a198b13b4d4e5f9c0e66fc0546.exe
  Resource: win10v2004-20221111-en
General
Target: 2a6bc2d4b52a48b0653f02917d5f136d2a9767a198b13b4d4e5f9c0e66fc0546.exe
Size: 104KB
MD5: 15ac7fbcd8374c0b164559f9ee0cad0c
SHA1: 195dfdc83e8564069b3d66242530a2a6123e5ee6
SHA256: 2a6bc2d4b52a48b0653f02917d5f136d2a9767a198b13b4d4e5f9c0e66fc0546
SHA512: f4543b0005cd07aaa5f1baaeabee9fe9a3f7390d878456cb502abbfc6d861ea51171c03e9692c285a9b35872a2641c98eba40677c91e56c940da8d545ec18910
SSDEEP: 768:PxinMzXTb/YGY3TtBKLg66gSB6jh2Q1kwFby4iLRKIrR1bBe4T8vpIQR1nJhgfie:8MTPYGUXTHGG3le44R7RJJhiow
Malware Config
Extracted
  Family: guloader
  URL: https://probeleza.com.br/hn/janomo_FzoNlNqty180.bin
Signatures
Guloader, Cloudeye
A shellcode-based downloader first seen in 2020.
Guloader payload (1 IoC)
Processes:
  resource: behavioral1/memory/1132-56-0x0000000000330000-0x000000000033C000-memory.dmp
  yara_rule: family_guloader
Suspicious use of SetWindowsHookEx (1 IoC)
Processes:
  pid: 1132
  process: 2a6bc2d4b52a48b0653f02917d5f136d2a9767a198b13b4d4e5f9c0e66fc0546.exe