Analysis
-
max time kernel
21s -
max time network
31s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system -
submitted
29-01-2023 16:27
Static task
static1
Behavioral task
behavioral1
Sample
96942205b5b6d26c2bcf3992fac581e9deb2f09b45359f9736b89b35ca093756.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
96942205b5b6d26c2bcf3992fac581e9deb2f09b45359f9736b89b35ca093756.exe
Resource
win10v2004-20220812-en
General
-
Target
96942205b5b6d26c2bcf3992fac581e9deb2f09b45359f9736b89b35ca093756.exe
-
Size
96KB
-
MD5
dd7f628ba2ac5e60d415273a789f18be
-
SHA1
336a660ab0b0e708f16342e9c7aede8a7b9505cb
-
SHA256
96942205b5b6d26c2bcf3992fac581e9deb2f09b45359f9736b89b35ca093756
-
SHA512
108a3b3fa6dc1b9194cc69744bf96a2c743b594fba76f296db5cb444fcf8f050dcba8d8d1f434b04fbe39cd5f64c01876d6aad180a3163be983a134b37d895c7
-
SSDEEP
1536:EaAeCsa/WMafKICHYdrPHpFHx+KkjWh2Z:dCf/WMaSIhx/pXyz
Malware Config
Extracted
guloader
https://victoragboifo.com/ui/janomo_fQdIvwTxFA102.bin
Signatures
-
Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
-
Guloader payload 1 IoCs
Processes:
resource yara_rule behavioral1/memory/2028-56-0x0000000000300000-0x000000000030C000-memory.dmp family_guloader -
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
96942205b5b6d26c2bcf3992fac581e9deb2f09b45359f9736b89b35ca093756.exepid process 2028 96942205b5b6d26c2bcf3992fac581e9deb2f09b45359f9736b89b35ca093756.exe