Analysis

max time kernel: 90s
max time network: 129s
platform: windows10-2004_x64
resource: win10v2004-20220901-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29-01-2023 17:42

Static task: static1

Behavioral task: behavioral1
  Sample: b9d1b8674cb42166b82850460394c451618cbdb28066072cb1eff219d5b755e9.exe
  Resource: win7-20220812-en

Behavioral task: behavioral2
  Sample: b9d1b8674cb42166b82850460394c451618cbdb28066072cb1eff219d5b755e9.exe
  Resource: win10v2004-20220901-en
General

Target: b9d1b8674cb42166b82850460394c451618cbdb28066072cb1eff219d5b755e9.exe
Size: 72KB
MD5: 07fe7fce03a8b2ab6e622a21ab45b9b5
SHA1: a2785b095cad1061add2b45326ecd6107cd5c577
SHA256: b9d1b8674cb42166b82850460394c451618cbdb28066072cb1eff219d5b755e9
SHA512: e8c4781b2f8da2d8aba71bc55740631ce2e705cfeadcd844e93b6619de5f75afb1eee0365717d219aeb06f16c1129a6fb1dcf07b91818b86548dc81741d3dd91
SSDEEP: 1536:pD2lrZNC7yEcNE2AGOAJYuSF+9aQ3xfY+YkXYD:pKlrrJEeE25YuSF+9aQhA+3XY
Malware Config

Extracted (family: guloader)
  URL: https://drive.google.com/uc?export=download&id=1_2rg-XLl-xoZYRETTeBc0GLV9Saf0c8
Signatures

Guloader, Cloudeye
  A shellcode-based downloader first seen in 2020.

Guloader payload (1 IoC)
  Processes:
    resource: behavioral2/memory/616-134-0x0000000003BF0000-0x0000000003BFA000-memory.dmp
    yara_rule: family_guloader

Suspicious use of SetWindowsHookEx (1 IoC)
  Processes:
    pid: 616
    process: b9d1b8674cb42166b82850460394c451618cbdb28066072cb1eff219d5b755e9.exe