Analysis
max time kernel: 133s
max time network: 139s
platform: windows10-2004_x64
resource: win10v2004-20230703-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
submitted: 18-07-2023 12:25
Static task: static1
Behavioral task: behavioral1
  Sample: 261bb89d3f08c3bd8050749e0bd767b0854cf442d3eb9c9a3862e975d6b96aac.exe
  Resource: win7-20230712-en
Behavioral task: behavioral2
  Sample: 261bb89d3f08c3bd8050749e0bd767b0854cf442d3eb9c9a3862e975d6b96aac.exe
  Resource: win10v2004-20230703-en
General
Target: 261bb89d3f08c3bd8050749e0bd767b0854cf442d3eb9c9a3862e975d6b96aac.exe
Size: 64KB
MD5: 1b97a789272add250343347db7caf5b9
SHA1: 36aceef7876f82242459637867233dc8457e6a62
SHA256: 261bb89d3f08c3bd8050749e0bd767b0854cf442d3eb9c9a3862e975d6b96aac
SHA512: 4a2762a5e376a1f483e24e3bc9848e96d0844f213d348cdb31740dbb1542bb186020203c43d33c8eee777f096aa578d12e4e503529371b6832e7defbc4e432be
SSDEEP: 768:EzYGJZ+siO96LXtqmuSr1d9d71qrFaLY6nLv:RG/iR7tqRSrrT71qx2
Malware Config
Extracted (guloader)
Payload URL: https://onedrive.live.com/download?cid=B86046E8CBD4254B&resid=B86046E8CBD4254B%21111&authkey=AMIsElHhkRwVn9M
Signatures
Guloader, Cloudeye
A shellcode-based downloader first seen in 2020.
Guloader payload (2 IoCs)
Both matches come from the behavioral2 (win10v2004) task and cover the same memory region of pid 1568, dumped twice:
  resource: behavioral2/memory/1568-135-0x0000000002250000-0x000000000225E000-memory.dmp  yara_rule: family_guloader
  resource: behavioral2/memory/1568-136-0x0000000002250000-0x000000000225E000-memory.dmp  yara_rule: family_guloader
Suspicious use of SetWindowsHookEx (1 IoC)
  pid: 1568  process: 261bb89d3f08c3bd8050749e0bd767b0854cf442d3eb9c9a3862e975d6b96aac.exe
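The hash block and the memory-dump IoCs above are the two pieces of this report an analyst usually reuses: the digests to confirm a local file is the same sample, and the dump names to know which process and address range the family rule matched. The Python below is an added example, not part of the sandbox report or of any sandbox tooling. It reads the two YARA hit lines exactly as printed above, and it assumes (this is an interpretation, not documented on the page) that the dump file name encodes `<pid>-<dump index>-<start address>-<end address>`. The digest values are copied from the General block; the sample bytes used in the test are constructed and are not the real file.

```python
import hashlib
import re
from dataclasses import dataclass

# The two "Guloader payload" IoC lines, copied from the report above.
YARA_HITS = """\
behavioral2/memory/1568-135-0x0000000002250000-0x000000000225E000-memory.dmp family_guloader
behavioral2/memory/1568-136-0x0000000002250000-0x000000000225E000-memory.dmp family_guloader
"""

# Digests from the report's General block (file: 64KB PE, SHA256 261bb89d...).
REPORT_HASHES = {
    "md5": "1b97a789272add250343347db7caf5b9",
    "sha1": "36aceef7876f82242459637867233dc8457e6a62",
    "sha256": "261bb89d3f08c3bd8050749e0bd767b0854cf442d3eb9c9a3862e975d6b96aac",
    "sha512": "4a2762a5e376a1f483e24e3bc9848e96d0844f213d348cdb31740dbb1542bb18"
              "6020203c43d33c8eee777f096aa578d12e4e503529371b6832e7defbc4e432be",
}

# Expected hex digest lengths; a report value of the wrong length is a copy error.
EXPECTED_HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}

# ASSUMPTION: dump names are "<pid>-<index>-<start>-<end>-memory.dmp".
_DUMP_RE = re.compile(
    r"^(?P<task>[^/\s]+)/memory/(?P<pid>\d+)-(?P<seq>\d+)-"
    r"(?P<start>0x[0-9A-Fa-f]+)-(?P<end>0x[0-9A-Fa-f]+)-memory\.dmp\s+(?P<rule>\S+)$"
)


@dataclass(frozen=True)
class MemoryHit:
    task: str
    pid: int
    seq: int
    start: int
    end: int
    rule: str

    @property
    def size(self) -> int:
        """Length in bytes of the dumped region."""
        return self.end - self.start


def parse_memory_hits(text: str) -> list:
    """Turn the report's 'resource yara_rule' lines into MemoryHit records."""
    hits = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = _DUMP_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised IoC line: {line!r}")
        hits.append(MemoryHit(
            task=m["task"], pid=int(m["pid"]), seq=int(m["seq"]),
            start=int(m["start"], 16), end=int(m["end"], 16), rule=m["rule"],
        ))
    return hits


def distinct_regions(hits: list) -> list:
    """Collapse repeated dumps of the same (pid, start, end) region."""
    return sorted({(h.pid, h.start, h.end) for h in hits})


def check_digest_lengths(expected: dict) -> list:
    """Return the algorithms whose hex digest has an impossible length."""
    return [algo for algo, hexdigest in expected.items()
            if len(hexdigest) != EXPECTED_HEX_LEN.get(algo)]


def digests(data: bytes) -> dict:
    """Compute all four report digests for a byte string."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in EXPECTED_HEX_LEN}


def verify_hashes(data: bytes, expected: dict) -> dict:
    """Per-algorithm match result of `data` against a report's hash block."""
    bad = check_digest_lengths(expected)
    if bad:
        raise ValueError(f"malformed digest(s) in report: {bad}")
    actual = digests(data)
    return {algo: actual[algo] == hexdigest.lower() for algo, hexdigest in expected.items()}


if __name__ == "__main__":
    for h in parse_memory_hits(YARA_HITS):
        print(f"{h.task} pid={h.pid} dump#{h.seq} {h.start:#010x}-{h.end:#010x} "
              f"({h.size} bytes) matched {h.rule}")
    print("regions:", [(p, hex(s), hex(e)) for p, s, e in distinct_regions(YARA_HITS and parse_memory_hits(YARA_HITS))])
    # Constructed bytes stand in for the real 64KB sample, which is not on the page.
    print("match against constructed bytes:", verify_hashes(b"not the real sample", REPORT_HASHES))
```

Checking all four digests together, rather than the SHA256 alone, catches a report whose hashes were transcribed from different files; the length check catches a truncated paste before it produces a silent mismatch.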