guloader | 261bb89d3f08c3bd8050749e0bd767b0854cf442d3eb9c9a3862e975d6b96aac

Analysis

max time kernel
133s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
18-07-2023 12:25

Target

261bb89d3f08c3bd8050749e0bd767b0854cf442d3eb9c9a3862e975d6b96aac.exe
Size

64KB
MD5

1b97a789272add250343347db7caf5b9
SHA1

36aceef7876f82242459637867233dc8457e6a62
SHA256

261bb89d3f08c3bd8050749e0bd767b0854cf442d3eb9c9a3862e975d6b96aac
SHA512

4a2762a5e376a1f483e24e3bc9848e96d0844f213d348cdb31740dbb1542bb186020203c43d33c8eee777f096aa578d12e4e503529371b6832e7defbc4e432be
SSDEEP

768:EzYGJZ+siO96LXtqmuSr1d9d71qrFaLY6nLv:RG/iR7tqRSrrT71qx2

Score

10^/10

Family

guloader

https://onedrive.live.com/download?cid=B86046E8CBD4254B&resid=B86046E8CBD4254B%21111&authkey=AMIsElHhkRwVn9M

xor.base64

Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
downloader guloader

Guloader payload 2 IoCs

guloader

Processes:

resource	yara_rule
behavioral2/memory/1568-135-0x0000000002250000-0x000000000225E000-memory.dmp	family_guloader
behavioral2/memory/1568-136-0x0000000002250000-0x000000000225E000-memory.dmp	family_guloader

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

261bb89d3f08c3bd8050749e0bd767b0854cf442d3eb9c9a3862e975d6b96aac.exe

pid process

1568 261bb89d3f08c3bd8050749e0bd767b0854cf442d3eb9c9a3862e975d6b96aac.exe

pid	process
1568	261bb89d3f08c3bd8050749e0bd767b0854cf442d3eb9c9a3862e975d6b96aac.exe

C:\Users\Admin\AppData\Local\Temp\261bb89d3f08c3bd8050749e0bd767b0854cf442d3eb9c9a3862e975d6b96aac.exe
"C:\Users\Admin\AppData\Local\Temp\261bb89d3f08c3bd8050749e0bd767b0854cf442d3eb9c9a3862e975d6b96aac.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1568

memory/1568-135-0x0000000002250000-0x000000000225E000-memory.dmp

Filesize
56KB

Download
memory/1568-136-0x0000000002250000-0x000000000225E000-memory.dmp

Filesize
56KB

Download