guloader | 65816f0ec95d4d9bc5f962ea94fb244a870607a989acbdbbbd84dd525ded63f2 | Triage

Submit
Reports

Overview

overview

Static

static

65816f0ec9...f2.exe

windows7-x64

65816f0ec9...f2.exe

windows10-2004-x64

Sharing

General

Target

65816f0ec95d4d9bc5f962ea94fb244a870607a989acbdbbbd84dd525ded63f2
Size

64KB
Sample

230718-qxvshaag65
MD5

256b869e5affcc4f55a16348467d8f55
SHA1

05a31b0f7ec22942bc4c41ca79f4b741cf88770f
SHA256

65816f0ec95d4d9bc5f962ea94fb244a870607a989acbdbbbd84dd525ded63f2
SHA512

c85445dc85aeb745ef73b0a1f6432e0de9e8b5e81d85ec575a8dc8fbe762be56012a5553a4b96a8f27c642e1aa555e0fa46f865419025607c594a00d10d18506
SSDEEP

768:EJyv/QudG0GnMUbtpZpXBWOnnKSqu3XAKIc3:EAv4udWLVlBtIEXADi

Score

10^/10

guloader downloader guloader

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

65816f0ec95d4d9bc5f962ea94fb244a870607a989acbdbbbd84dd525ded63f2.exe

Resource

win7-20230712-en

guloader downloader guloader

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

65816f0ec95d4d9bc5f962ea94fb244a870607a989acbdbbbd84dd525ded63f2.exe

Resource

win10v2004-20230703-en

guloader downloader guloader

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

guloader

C2

https://onedrive.live.com/download?cid=1550143AA6F30C4B&resid=1550143AA6F30C4B%21111&authkey=AGgC6wX6Aua_0vk

xor.base64

Targets

- Target
  
  65816f0ec95d4d9bc5f962ea94fb244a870607a989acbdbbbd84dd525ded63f2
- Size
  
  64KB
- MD5
  
  256b869e5affcc4f55a16348467d8f55
- SHA1
  
  05a31b0f7ec22942bc4c41ca79f4b741cf88770f
- SHA256
  
  65816f0ec95d4d9bc5f962ea94fb244a870607a989acbdbbbd84dd525ded63f2
- SHA512
  
  c85445dc85aeb745ef73b0a1f6432e0de9e8b5e81d85ec575a8dc8fbe762be56012a5553a4b96a8f27c642e1aa555e0fa46f865419025607c594a00d10d18506
- SSDEEP
  
  768:EJyv/QudG0GnMUbtpZpXBWOnnKSqu3XAKIc3:EAv4udWLVlBtIEXADi
Score

10^/10

guloader downloader guloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Guloader payload
  guloader
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

guloaderdownloaderguloader

behavioral2

guloaderdownloaderguloader

© 2018-2024

Terms | Privacy