guloader | c736f6b8be27697e20df7837cfbc93b93feadc5faf9252dda0151824cc319dfe | Triage

Submit
Reports

Overview

overview

Static

static

1

Extraccion...CC.exe

windows7-x64

Extraccion...CC.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

Extraccion_Asepeyo_ECC.rar
Size

275KB
Sample

230323-xd5xpabd7y
MD5

896e8ec09597ab55a387fc0ec3da493a
SHA1

cfe2c7f67a49b92dd69c6c7df0892e9aa1350194
SHA256

c736f6b8be27697e20df7837cfbc93b93feadc5faf9252dda0151824cc319dfe
SHA512

3fb767b9511f89548bb328100017adbffa2a66f4a80e481cc8850da76d592ad4e29e2b29f198ceba18b33f288d9b76ca9c543e75094960c42d309208bae7817f
SSDEEP

6144:a7W5atZuPPV/szKMK31ZZ479CvguDGYzsEO1nuA0qr2g:a6cbWPV/AK3J47uqYgxuAFr2g

Score

10^/10

guloader snakekeylogger collection downloader keylogger stealer

Static task

static1

Behavioral task

behavioral1

Sample

Extraccion_Asepeyo_ECC.exe

Resource

win7-20230220-en

guloader snakekeylogger collection downloader keylogger stealer

windows7-x64

21 signatures

150 seconds

Behavioral task

behavioral2

Sample

Extraccion_Asepeyo_ECC.exe

Resource

win10v2004-20230220-en

guloader snakekeylogger collection downloader keylogger stealer

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
mail.trnmoda.com
Port:
587
Username:
[email protected]
Password:
Trn!2022---
Email To:
[email protected]

Targets

- Target
  
  Extraccion_Asepeyo_ECC.exe
- Size
  
  340KB
- MD5
  
  70ee8b692e67cb2d4c9ef93b9a80030b
- SHA1
  
  cbea44f294f7cf40da91470f078a961f9645d6d2
- SHA256
  
  84e316ba28c1745989fcba630c13792daa4286bee90d828d9eb6e9f36d86f4fd
- SHA512
  
  5fad2808729481998876b62b819ead3f28b12dfd80dfb11b43ebb4d121c3c46e46294afce87038210485bbba1c6aed8b927a4d47e1d89a01829e340b9be08712
- SSDEEP
  
  6144:nQ606xUAK/TxV595DDV3pv/LW9f6Mu18qMnDf0rXkOEjFX59vtoS7FJJcFg:k3LJZ3pHLW9fG3eDfkCx3vtVJncFg
Score

10^/10

guloader snakekeylogger collection downloader keylogger stealer
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Drops desktop.ini file(s)
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

guloadersnakekeyloggercollectiondownloaderkeyloggerstealer

behavioral2

guloadersnakekeyloggercollectiondownloaderkeyloggerstealer

© 2018-2025

Terms | Privacy