guloader | 793f2f8dfed964a286fe7b96db07914872459c90baf13ff2c7b0bbeefa75abee | Triage

Submit
Reports

Overview

overview

Static

static

793f2f8dfe...ee.exe

windows7-x64

793f2f8dfe...ee.exe

windows10-2004-x64

Sharing

General

Target

793f2f8dfed964a286fe7b96db07914872459c90baf13ff2c7b0bbeefa75abee
Size

84KB
Sample

230129-t8vtesea85
MD5

70ed29c8a7ade32fabff34b24fa991b3
SHA1

4ef2f2e199afe62184aeb472e3727655167c6104
SHA256

793f2f8dfed964a286fe7b96db07914872459c90baf13ff2c7b0bbeefa75abee
SHA512

e2a0293af980c4b96cf061dfd6f90aa780f315109750657f6abe1b5a96f4b41875f1d8472ad082315461719257fc6fc6bf8bf9ab0048489e8ec9da734b9af50e
SSDEEP

768:Pw5XDW3Cf0jYEfGEYeqsW/y1cawgSNnPFfHr8jNEK4cRXuPHC5qLS7OGvy2yYJkT:45q3IeGv/oSBdL8jPsHsK+1OShJM

Score

10^/10

guloader downloader guloader

Static task

static1

Behavioral task

behavioral1

Sample

793f2f8dfed964a286fe7b96db07914872459c90baf13ff2c7b0bbeefa75abee.exe

Resource

win7-20221111-en

guloader downloader guloader

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

793f2f8dfed964a286fe7b96db07914872459c90baf13ff2c7b0bbeefa75abee.exe

Resource

win10v2004-20220812-en

guloader downloader guloader

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

guloader

C2

https://drive.google.com/uc?export=download&id=1nnl01kb-i9suGiNkUXB-JA4XCUUKt-1j

xor.base64

Targets

- Target
  
  793f2f8dfed964a286fe7b96db07914872459c90baf13ff2c7b0bbeefa75abee
- Size
  
  84KB
- MD5
  
  70ed29c8a7ade32fabff34b24fa991b3
- SHA1
  
  4ef2f2e199afe62184aeb472e3727655167c6104
- SHA256
  
  793f2f8dfed964a286fe7b96db07914872459c90baf13ff2c7b0bbeefa75abee
- SHA512
  
  e2a0293af980c4b96cf061dfd6f90aa780f315109750657f6abe1b5a96f4b41875f1d8472ad082315461719257fc6fc6bf8bf9ab0048489e8ec9da734b9af50e
- SSDEEP
  
  768:Pw5XDW3Cf0jYEfGEYeqsW/y1cawgSNnPFfHr8jNEK4cRXuPHC5qLS7OGvy2yYJkT:45q3IeGv/oSBdL8jPsHsK+1OShJM
Score

10^/10

guloader downloader guloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Guloader payload
  guloader
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdownloaderguloader

behavioral2

guloaderdownloaderguloader

© 2018-2024

Terms | Privacy