Overview

overview

10

Static

static

10

76d521f027...ab.exe

windows7-x64

10

76d521f027...ab.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    76d521f0278a2c92d16d4e02bbb5e7ccc2140468c95c7e8ef7026151ce7a29ab

  • Size

    204KB

  • Sample

    230208-nlf4vsae68

  • MD5

    6cda0610a182d137fb37d73ef63b7bbe

  • SHA1

    5771183ee24742584b061b247d624bbcb7f274e7

  • SHA256

    76d521f0278a2c92d16d4e02bbb5e7ccc2140468c95c7e8ef7026151ce7a29ab

  • SHA512

    ea09eb3edbd3c0fa77a9cf3b2833e96b67afb36ebb056a57556785334bfa671e7a3eb564acaf526d556e563ccb7d733d1bbc168e80e79ce1a810331d148ad686

  • SSDEEP

    3072:rGWs2oL7TAQbs1xE4dfzh35FCX+pXgOoWc6SL96+hv7y9o9:rGxp7TXZ4dV6OpXgETSk+hv

Score
10/10
guloaderdownloader

Malware Config

Targets

    • Target

      76d521f0278a2c92d16d4e02bbb5e7ccc2140468c95c7e8ef7026151ce7a29ab

    • Size

      204KB

    • MD5

      6cda0610a182d137fb37d73ef63b7bbe

    • SHA1

      5771183ee24742584b061b247d624bbcb7f274e7

    • SHA256

      76d521f0278a2c92d16d4e02bbb5e7ccc2140468c95c7e8ef7026151ce7a29ab

    • SHA512

      ea09eb3edbd3c0fa77a9cf3b2833e96b67afb36ebb056a57556785334bfa671e7a3eb564acaf526d556e563ccb7d733d1bbc168e80e79ce1a810331d148ad686

    • SSDEEP

      3072:rGWs2oL7TAQbs1xE4dfzh35FCX+pXgOoWc6SL96+hv7y9o9:rGxp7TXZ4dV6OpXgETSk+hv

    Score
    10/10
    guloaderdownloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks