Analysis
Max time kernel: 141s
Max time network: 150s
Platform: windows10-2004_x64
Resource: win10v2004-20220812-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 29-01-2023 16:27
Static task: static1
Behavioral task: behavioral1
  Sample: 002da5544c439873fdeac3e2aa0e64f1928dbffa5699b225ecdb4b9e0f05e56f.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: 002da5544c439873fdeac3e2aa0e64f1928dbffa5699b225ecdb4b9e0f05e56f.exe
  Resource: win10v2004-20220812-en
General
Target: 002da5544c439873fdeac3e2aa0e64f1928dbffa5699b225ecdb4b9e0f05e56f.exe
Size: 120KB
MD5: 0f8ab5c292125cbf9fd5627c93f4f00b
SHA1: a57f4af2ef17b9584f5cfd1ab326528231a570ec
SHA256: 002da5544c439873fdeac3e2aa0e64f1928dbffa5699b225ecdb4b9e0f05e56f
SHA512: 627e61fef0ca7f82abe22830453d9806466f58b432def8b5f2235fa4befe48447e492d9fbf11b4e64bd435ad4069b24c2d6fbf68c887c12b8c1d810cba2f819c
SSDEEP: 1536:Zk/fQD+j14nyS1wI0Etv7CTIZmneYqxV5aVg:ZkHjlJdYWPoAVg
Malware Config
Extracted (guloader): https://21twelveinteractive.com/yj/janomo_wgPYBASsWX114.bin
Signatures
Guloader, Cloudeye
  A shellcode-based downloader first seen in 2020.
Guloader payload (1 IoC)
  Processes:
  resource                                                                      | yara_rule
  behavioral2/memory/5040-134-0x0000000002970000-0x000000000297C000-memory.dmp | family_guloader
Suspicious use of SetWindowsHookEx (1 IoC)
  Processes:
  pid  | process
  5040 | 002da5544c439873fdeac3e2aa0e64f1928dbffa5699b225ecdb4b9e0f05e56f.exe