General

  • Target

    2504b14fedd9f5f647b5652cc29ade29.bin

  • Size

    815KB

  • Sample

    230519-bgtsyadc3z

  • MD5

    7fd98c5002f34e0eb5a72dd27bf8cb5d

  • SHA1

    cd2af4fde519f91692f6e39a029f3aac89cc99c9

  • SHA256

    5f81ffcd48ea3463ba341a9baf50e7264bea3a58152746d133ee02b64d5c751c

  • SHA512

    79ab6fb671f46bb220cd21c50fab559c93348a0f3f6c2fba31db3458ea49528c794f745b2371fc6c6b95d0c7b76cc4d44e2dbac1f7fb18d78abf41249e128606

  • SSDEEP

    24576:x7H7khV31SKYVflOOe5FW2qrWmUzqdjtEuTTNvB:xz6V31WfwOw4rWZsxnNvB

Score
10/10

Malware Config

Targets

    • Target

      0e1e4acc6d6361c0e7673e468afac317adb986424ef51f74eba25b77d4b257db.exe

    • Size

      843KB

    • MD5

      2504b14fedd9f5f647b5652cc29ade29

    • SHA1

      8329092bc1bb42271b03ce39ebace67aad7251bb

    • SHA256

      0e1e4acc6d6361c0e7673e468afac317adb986424ef51f74eba25b77d4b257db

    • SHA512

      fbb4580d1b7214d8de82e41e539c7f943be2b2346d26fb43ac5c6f82c227d3718a5bc1887087d8fbd7e5e16ef4164ae5e0b15181bdc46a9d78620a47f5395d7b

    • SSDEEP

      12288:grRquUHNB4qtoqpYouIrsoPlxxsUzZbhuOWzM6QnVpFqjzieeQ:z/HcRqqoLxx3zZ9uFzTEneD

    Score
    10/10
    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Checks QEMU agent file

      Checks for the presence of the QEMU guest agent, possibly to detect virtualization.

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks