guloader | c394bb5a204c6e25c1a23b3564d84fabf4e42dfde765add1421f77c47d643275 | Triage

Sharing

General

Target

c394bb5a204c6e25c1a23b3564d84fabf4e42dfde765add1421f77c47d643275
Size

100KB
Sample

230129-ts67hsde34
MD5

c8c40b010a3853eed35081c3675f5cc9
SHA1

2422b9359fa3e983816904abcd0d2edcc2e4602c
SHA256

c394bb5a204c6e25c1a23b3564d84fabf4e42dfde765add1421f77c47d643275
SHA512

8068127f874cf4e549f0268198af2f24b5ad825a2d38b4a6dcdf6d6c0261a2e7f73bd8aeb4915ee0eec31e865f1cecd8bffa2efc98dae3d560e645b157761f4f
SSDEEP

1536:JM+VffsakR8aXL0qyTkZdcm6DAZc7kb7R5X8:JM4sakRR7pMiqPcZcf

Score

10^/10

guloader downloader

Malware Config

Extracted

Family

guloader

C2

http://185.161.211.58/XP_remcos%202021_HzUYr10.bin

xor.base64

Targets

- Target
  
  c394bb5a204c6e25c1a23b3564d84fabf4e42dfde765add1421f77c47d643275
- Size
  
  100KB
- MD5
  
  c8c40b010a3853eed35081c3675f5cc9
- SHA1
  
  2422b9359fa3e983816904abcd0d2edcc2e4602c
- SHA256
  
  c394bb5a204c6e25c1a23b3564d84fabf4e42dfde765add1421f77c47d643275
- SHA512
  
  8068127f874cf4e549f0268198af2f24b5ad825a2d38b4a6dcdf6d6c0261a2e7f73bd8aeb4915ee0eec31e865f1cecd8bffa2efc98dae3d560e645b157761f4f
- SSDEEP
  
  1536:JM+VffsakR8aXL0qyTkZdcm6DAZc7kb7R5X8:JM4sakRR7pMiqPcZcf
Score

10^/10

guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

guloaderdownloader

behavioral2

guloaderdownloader