General

  • Target

    d319fee1a295e5b7d901a69de2fef70c.bin

  • Size

    338KB

  • Sample

    230611-cc17wsgc97

  • MD5

    960bcd1a8b05a4f8b74736a64634803f

  • SHA1

    484056b48e3b0f5b318c9cff1b66a7169aead8aa

  • SHA256

    65a3c64d3a3233b59e05fb065e7c50c6b8d6598f8403ff7fc0cf7656da0d1fa7

  • SHA512

    0e3471ccc2572768f8fcc835d42a26024359a81b666d6df3f5a3a425874aa7976bc18176e4393a2b0cba3ec01b2ee9c0507b0f9d92d45a2d38e454fd4864bd42

  • SSDEEP

    6144:uwg43pGbadHRnXiRqhNu0mZm4n6gUIa/fyBoKnj7L9ZUiQnpRtxGP6GA4:ssdHRyau0mZdnKtKj7L9onp4PjA4

Malware Config

Targets

    • Target

      44ccaf612dddde11842167c8d5b7c336272ceb8c332f1325abf3e690382f02c4.exe

    • Size

      467KB

    • MD5

      d319fee1a295e5b7d901a69de2fef70c

    • SHA1

      ae2397688f56c3b8b56448a11027a3aae652084b

    • SHA256

      44ccaf612dddde11842167c8d5b7c336272ceb8c332f1325abf3e690382f02c4

    • SHA512

      84487fdb134bbb5664591cb481f5f789eae2efef29b4ae0385ba5d898ef893f09d203c017d4fd8be46e7560bc10c14539287af5f592698da0284f505f694edf8

    • SSDEEP

      6144:imOPQGwvUsu5KcHlmI+PQM345zPU7Ldb2IXvckRgqqYg+ln:TRu5KjZPQ2KM7LkIfrRhq/+ln

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks