Overview

overview

10

Static

static

f83ba4bf99...fa.exe

windows7-x64

10

f83ba4bf99...fa.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    44s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    29-01-2023 16:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f83ba4bf99c2ca8f73c00213e2cf8ff0c64650244f1a55906c97ff7bdd684cfa.exe

  • Size

    72KB

  • MD5

    aca19d685ccae22e826d8904f37b1e61

  • SHA1

    bc74ba38c10941dc8a2232a833d4bdb400c605ef

  • SHA256

    f83ba4bf99c2ca8f73c00213e2cf8ff0c64650244f1a55906c97ff7bdd684cfa

  • SHA512

    9cc6a763e4f9d975d7cc8e3d1bca0b780baf5d9a26ea56087c51a80019de136d5b5b750d5f136434420d31b2a5427b3dbf37b72dc34d658a4d38463e2df2e4e0

  • SSDEEP

    768:WfGO5RqWfHgpebWANE2ummHXilOC6+BG7+BdtQRSHfY9dsX:aLbfHOhA7GccP+BdtQwg9d

Score
10/10
guloaderdownloaderguloader

Malware Config

Extracted

Family

guloader

C2

https://9967799882.burrow.io/2pac/v2_0_Raw_kzFMIRCiND183.bin

xor.base64

Signatures

  • Guloader,Cloudeye

    A shellcode based downloader first seen in 2020.

    downloaderguloader
  • Guloader payload 1 IoCs
    guloader
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f83ba4bf99c2ca8f73c00213e2cf8ff0c64650244f1a55906c97ff7bdd684cfa.exe
    "C:\Users\Admin\AppData\Local\Temp\f83ba4bf99c2ca8f73c00213e2cf8ff0c64650244f1a55906c97ff7bdd684cfa.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1652

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1652-56-0x0000000000360000-0x000000000036C000-memory.dmp
    Filesize

    48KB

    Download
  • memory/1652-57-0x0000000076D40000-0x0000000076EE9000-memory.dmp
    Filesize

    1.7MB

    Download