General

  • Target

    74f7a22f258a13c4926316f14a0178086601cdb54507a9f2c18cad8c388a753a

  • Size

    104KB

  • Sample

    230718-k932rahd22

  • MD5

    20669aaed8d12c7513bd705aefc92f8d

  • SHA1

    06ab6d734a0007b5fa97320ae4ac170f4b7ba1f5

  • SHA256

    74f7a22f258a13c4926316f14a0178086601cdb54507a9f2c18cad8c388a753a

  • SHA512

    4870df33925297b8e196ecedf8ef69c68e737116b288819e26fb6af6a3987e6761b4a8f4277f3ff59e8123e5668de1134897e780d6a7f1c27daaeac676e38a9e

  • SSDEEP

    768:XpOUzr1wlbA9Jpb3CFjyIyM8pbtMOcrvpWGYnNLGbRJH/UABF1CybT3IYW2IpEGj:5nNwlbA9JpGFjLXobt4vofnNK19GLKm

Score
10/10

Malware Config

Extracted

Family

guloader

C2

http://castmart.ga/~zadmin/icloud/bill_encrypted_9743D3F.bin

xor.base64
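The extracted config points at a second-stage payload URL, and the `xor.base64` line is read here as the extractor reporting a base64-encoded XOR key for that payload; the key value itself is not reproduced on this page. The following is an added example, not code from the sandbox or from the sample: a repeating-key XOR decryptor that accepts a key in that base64 shape, plus a known-plaintext key recovery that exploits the fixed first 0x3c bytes of a PE's DOS header when the key is unknown. The payload bytes and the key (`DEMO_KEY`) are constructed for the demo; the real payload is not on this page.

```python
import base64
from itertools import cycle
from typing import Optional

# Bytes 0x00..0x3b of the DOS header that most linkers emit unchanged
# (e_magic "MZ", e_cblp 0x90, e_cp 3, e_cparhdr 4, e_maxalloc 0xffff,
# e_sp 0xb8, e_lfarlc 0x40, reserved fields zero). e_lfanew at 0x3c varies.
KNOWN_DOS_PREFIX = bytes.fromhex(
    "4d5a9000" "03000000" "04000000" "ffff0000" "b8000000" "00000000" "40000000"
) + bytes(0x3C - 0x1C)


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; the same call encrypts and decrypts."""
    if not key:
        raise ValueError("empty key")
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def decrypt_payload(blob: bytes, key_b64: str) -> bytes:
    """Decrypt a downloaded blob with a base64-encoded XOR key (the xor.base64 shape)."""
    return xor_bytes(blob, base64.b64decode(key_b64))


def looks_like_pe(data: bytes) -> bool:
    """Cheap sanity check: 'MZ' at offset 0 and 'PE\\0\\0' where e_lfanew points."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def recover_key(blob: bytes, max_key_len: int = len(KNOWN_DOS_PREFIX)) -> Optional[bytes]:
    """Known-plaintext attack: key[i] = ct[i] ^ pt[i] over the fixed DOS-header bytes.
    Tries key lengths 1..max_key_len and returns the shortest one that yields a PE
    whose whole known prefix decrypts correctly. Only works for keys no longer than
    the known prefix and for payloads with a stock DOS header."""
    for key_len in range(1, max_key_len + 1):
        candidate = bytes(c ^ p for c, p in zip(blob[:key_len], KNOWN_DOS_PREFIX))
        plain = xor_bytes(blob, candidate)
        if plain[:len(KNOWN_DOS_PREFIX)] == KNOWN_DOS_PREFIX and looks_like_pe(plain):
            return candidate
    return None


def build_fake_pe() -> bytes:
    """Constructed stand-in for the real payload: a minimal DOS header whose e_lfanew
    points at an NT signature, then zero filler. Not a real executable."""
    dos = bytearray(0x40)
    dos[:len(KNOWN_DOS_PREFIX)] = KNOWN_DOS_PREFIX
    dos[0x3C:0x40] = (0x40).to_bytes(4, "little")
    nt = b"PE\x00\x00" + b"\x4c\x01" + bytes(18)  # signature, IMAGE_FILE_MACHINE_I386, zeroed fields
    return bytes(dos) + nt + bytes(64)


# Constructed 24-byte key for the demo; the real key value is not on this page.
DEMO_KEY = b"!constructed-demo-key-24"
DEMO_KEY_B64 = base64.b64encode(DEMO_KEY).decode()


def demo() -> dict:
    plain = build_fake_pe()
    blob = xor_bytes(plain, DEMO_KEY)  # what the C2 would serve
    return {
        "decrypt_ok": decrypt_payload(blob, DEMO_KEY_B64) == plain,
        "recovered_key": recover_key(blob),
        "blob_is_pe": looks_like_pe(blob),
    }


if __name__ == "__main__":
    print(demo())
```

`recover_key` stops at the shortest key length that reproduces the whole 0x3c-byte prefix, so a short wrong length cannot pass on the "MZ" bytes alone. If a real payload was linked with a non-standard DOS stub, the prefix comparison fails and the function returns `None` rather than a wrong key.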

Targets

    • Target

      74f7a22f258a13c4926316f14a0178086601cdb54507a9f2c18cad8c388a753a

    • Size

      104KB

    • MD5

      20669aaed8d12c7513bd705aefc92f8d

    • SHA1

      06ab6d734a0007b5fa97320ae4ac170f4b7ba1f5

    • SHA256

      74f7a22f258a13c4926316f14a0178086601cdb54507a9f2c18cad8c388a753a

    • SHA512

      4870df33925297b8e196ecedf8ef69c68e737116b288819e26fb6af6a3987e6761b4a8f4277f3ff59e8123e5668de1134897e780d6a7f1c27daaeac676e38a9e

    • SSDEEP

      768:XpOUzr1wlbA9Jpb3CFjyIyM8pbtMOcrvpWGYnNLGbRJH/UABF1CybT3IYW2IpEGj:5nNwlbA9JpGFjLXobt4vofnNK19GLKm

    Score
    10/10
    • Guloader,Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      NtSetInformationThread called with the ThreadHideFromDebugger information class (0x11), which detaches the calling thread from any attached debugger; a common anti-analysis step.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites another thread's register state; loaders use it to redirect execution into injected code, typically in a process created suspended.
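The two behavioural signatures above are the kind of thing a detection engineer re-implements over an API-call trace. Below is an added example, not the sandbox's own signature code and not tied to its log format: it parses a constructed JSON-lines trace (invented for this example) and flags, per process, a `NtSetInformationThread` call with the ThreadHideFromDebugger class (0x11) and the ordered sequence CreateProcess with `CREATE_SUSPENDED` (0x4), then `SetThreadContext`, then `ResumeThread`. Field names such as `pid`, `api`, `args` and `ret` are part of the constructed format.

```python
import json
from typing import Dict, List

CREATE_SUSPENDED = 0x00000004       # dwCreationFlags bit
THREAD_HIDE_FROM_DEBUGGER = 0x11    # THREADINFOCLASS value

# Constructed trace in an invented JSON-lines shape (not the sandbox's format).
# pid 1234 shows both behaviours; pid 5678 is benign noise that must not fire.
TRACE = "\n".join([
    '{"pid": 1234, "api": "NtSetInformationThread", "args": {"ThreadHandle": "0x1c8", "ThreadInformationClass": 17}, "ret": 0}',
    '{"pid": 1234, "api": "CreateProcessW", "args": {"lpApplicationName": "C:\\\\Windows\\\\System32\\\\cmd.exe", "dwCreationFlags": 4}, "ret": 1}',
    '{"pid": 1234, "api": "WriteProcessMemory", "args": {"hProcess": "0x1f0", "lpBaseAddress": "0x400000", "nSize": 106496}, "ret": 1}',
    '{"pid": 1234, "api": "SetThreadContext", "args": {"hThread": "0x1f4", "Eip": "0x401000"}, "ret": 1}',
    '{"pid": 1234, "api": "ResumeThread", "args": {"hThread": "0x1f4"}, "ret": 1}',
    '{"pid": 5678, "api": "GetThreadContext", "args": {"hThread": "0x2a0"}, "ret": 1}',
    '{"pid": 5678, "api": "NtSetInformationThread", "args": {"ThreadHandle": "0x2a0", "ThreadInformationClass": 2}, "ret": 0}',
])


def parse_trace(text: str) -> List[dict]:
    """One JSON object per non-empty line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def hide_from_debugger_hits(events: List[dict]) -> List[dict]:
    """Any NtSetInformationThread whose class is ThreadHideFromDebugger."""
    return [
        e for e in events
        if e["api"] == "NtSetInformationThread"
        and e["args"].get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER
    ]


def context_hijack_hits(events: List[dict]) -> List[int]:
    """Per-pid ordered sequence: CreateProcess* with CREATE_SUSPENDED, later
    SetThreadContext, later ResumeThread. Order matters, so keep a small state
    machine per pid rather than testing each call in isolation."""
    stage: Dict[int, int] = {}
    hits: List[int] = []
    for e in events:
        pid, api, args = e["pid"], e["api"], e["args"]
        s = stage.get(pid, 0)
        if s == 0 and api.startswith("CreateProcess") and args.get("dwCreationFlags", 0) & CREATE_SUSPENDED:
            stage[pid] = 1
        elif s == 1 and api == "SetThreadContext":
            stage[pid] = 2
        elif s == 2 and api == "ResumeThread":
            stage[pid] = 3
            hits.append(pid)
    return hits


def evaluate(text: str) -> Dict[str, List[int]]:
    """Map each signature name to the sorted list of pids that triggered it."""
    events = parse_trace(text)
    return {
        "NtSetInformationThreadHideFromDebugger": sorted({e["pid"] for e in hide_from_debugger_hits(events)}),
        "SetThreadContext after CREATE_SUSPENDED": sorted(set(context_hijack_hits(events))),
    }


if __name__ == "__main__":
    print(evaluate(TRACE))
```

The sequence check deliberately ignores `WriteProcessMemory`: it is usually present in hollowing, but requiring it would miss variants that map the payload by other means, while `CREATE_SUSPENDED` followed by a context rewrite and resume is the part that is hard to do for benign reasons.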

MITRE ATT&CK Matrix

Tasks