Analysis

max time kernel: 44s
max time network: 46s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 29-01-2023 16:27

Static task: static1

Behavioral task: behavioral1
Sample: f83ba4bf99c2ca8f73c00213e2cf8ff0c64650244f1a55906c97ff7bdd684cfa.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: f83ba4bf99c2ca8f73c00213e2cf8ff0c64650244f1a55906c97ff7bdd684cfa.exe
Resource: win10v2004-20220812-en
General

Target: f83ba4bf99c2ca8f73c00213e2cf8ff0c64650244f1a55906c97ff7bdd684cfa.exe
Size: 72KB
MD5: aca19d685ccae22e826d8904f37b1e61
SHA1: bc74ba38c10941dc8a2232a833d4bdb400c605ef
SHA256: f83ba4bf99c2ca8f73c00213e2cf8ff0c64650244f1a55906c97ff7bdd684cfa
SHA512: 9cc6a763e4f9d975d7cc8e3d1bca0b780baf5d9a26ea56087c51a80019de136d5b5b750d5f136434420d31b2a5427b3dbf37b72dc34d658a4d38463e2df2e4e0
SSDEEP: 768:WfGO5RqWfHgpebWANE2ummHXilOC6+BG7+BdtQRSHfY9dsX:aLbfHOhA7GccP+BdtQwg9d
Malware Config

Extracted family: guloader
Extracted payload URL: https://9967799882.burrow.io/2pac/v2_0_Raw_kzFMIRCiND183.bin
Signatures

Guloader, Cloudeye
A shellcode-based downloader first seen in 2020.

Guloader payload (1 IoC)
Processes:
resource: behavioral1/memory/1652-56-0x0000000000360000-0x000000000036C000-memory.dmp
yara_rule: family_guloader

Suspicious use of SetWindowsHookEx (1 IoC)
Processes:
pid: 1652
process: f83ba4bf99c2ca8f73c00213e2cf8ff0c64650244f1a55906c97ff7bdd684cfa.exe