General

  • Target

    EEFA163975EECFCA65224623F2BA310E633D98D62E35BD8F0F0A5127EA37A246

  • Size

    687KB

  • Sample

    230518-cgtzdagd5x

  • MD5

    14a7895f66e0cb9c00b477baac4f324c

  • SHA1

    8806eab80b54f25f47645f49f15f26cb04f604ab

  • SHA256

    eefa163975eecfca65224623f2ba310e633d98d62e35bd8f0f0a5127ea37a246

  • SHA512

    4c9b5c85dec5dd5c446622258a1de9d3075399f3953c92bf9c3c437f6f41eba023b635ae608df2b283861b2505eba1d2cdfc325cef8c56809aa57cf0548684be

  • SSDEEP

    12288:PTm0b92HKtXt1pC80ZoYInnitBWarBcufCuyfStzzwW4blUKY6:y0AWxORysCffStyY6

Score
10/10

Malware Config

Targets

    • Target

      495b0122-e196-4271-8992-bc9b22c8a5af.exe

    • Size

      767KB

    • MD5

      b6109aab2d2a51ea0c6f6b28aa2a869a

    • SHA1

      c02f08dea05b56f953b5c724499c552dc7126c4a

    • SHA256

      2abb89507bbcec354ea3293c13851505059ade5b0b6070793cd69e44e01dcceb

    • SHA512

      9651051086d96a83fcbf8cfcd11f2e569a08a905e74deece22756a357594c601be05fa81f9d624c2c6014cf4a5a9ad9ca5a904751faf53d7a0e2dd3870e7b627

    • SSDEEP

      12288:/ghti/pICWSh/cg9E2bCVGpzOH/8/6l0ankiuhSnRTt1q15WkndorDNJcaugJjUJ:4O2ohkgO2Goek00ankzhSpXq15fndorw

    Score
    10/10
    • Guloader, Cloudeye

      A shellcode based downloader first seen in 2020.

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6