Malware Analysis Report

2025-08-05 14:06

Sample ID 230804-wsnfhsde87
Target 66f77b6ae2f664a173391e4fd15b04e18f992016a56b2d0fdbd27e8003ef72d1gz_JC.gz
SHA256 66f77b6ae2f664a173391e4fd15b04e18f992016a56b2d0fdbd27e8003ef72d1
Tags
guloader downloader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

66f77b6ae2f664a173391e4fd15b04e18f992016a56b2d0fdbd27e8003ef72d1

Threat Level: Known bad

The file 66f77b6ae2f664a173391e4fd15b04e18f992016a56b2d0fdbd27e8003ef72d1gz_JC.gz was found to be: Known bad.

Malicious Activity Summary

guloader downloader

Guloader,Cloudeye

Loads dropped DLL

Enumerates physical storage devices

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-08-04 18:11

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-08-04 18:11

Reported

2023-08-04 18:13

Platform

win7-20230712-en

Max time kernel

122s

Max time network

125s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Karine Petakchyan_cn23_9472851349.exe"

Signatures

Guloader,Cloudeye

downloader guloader

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Karine Petakchyan_cn23_9472851349.exe N/A

Enumerates physical storage devices

Processes

C:\Users\Admin\AppData\Local\Temp\Karine Petakchyan_cn23_9472851349.exe

"C:\Users\Admin\AppData\Local\Temp\Karine Petakchyan_cn23_9472851349.exe"

Network

N/A

Files

\Users\Admin\AppData\Local\Temp\nsd7C91.tmp\System.dll

MD5 8cf2ac271d7679b1d68eefc1ae0c5618
SHA1 7cc1caaa747ee16dc894a600a4256f64fa65a9b8
SHA256 6950991102462d84fdc0e3b0ae30c95af8c192f77ce3d78e8d54e6b22f7c09ba
SHA512 ce828fb9ecd7655cc4c974f78f209d3326ba71ced60171a45a437fc3fff3bd0d69a0997adaca29265c7b5419bdea2b17f8cc8ceae1b8ce6b22b7ed9120bb5ad3

memory/2028-62-0x0000000003010000-0x0000000004331000-memory.dmp

memory/2028-63-0x0000000003010000-0x0000000004331000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2023-08-04 18:11

Reported

2023-08-04 18:13

Platform

win10v2004-20230703-en

Max time kernel

145s

Max time network

146s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Karine Petakchyan_cn23_9472851349.exe"

Signatures

Guloader,Cloudeye

downloader guloader

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Karine Petakchyan_cn23_9472851349.exe N/A

Enumerates physical storage devices

Processes

C:\Users\Admin\AppData\Local\Temp\Karine Petakchyan_cn23_9472851349.exe

"C:\Users\Admin\AppData\Local\Temp\Karine Petakchyan_cn23_9472851349.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 58.99.105.20.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
NL 88.221.24.32:443 www.bing.com tcp
NL 88.221.24.32:443 www.bing.com tcp
NL 88.221.24.32:443 www.bing.com tcp
NL 88.221.24.32:443 www.bing.com tcp
NL 88.221.24.32:443 www.bing.com tcp
US 8.8.8.8:53 32.24.221.88.in-addr.arpa udp
US 8.8.8.8:53 2.77.109.52.in-addr.arpa udp
US 8.8.8.8:53 120.150.79.40.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\nsd8167.tmp\System.dll

MD5 8cf2ac271d7679b1d68eefc1ae0c5618
SHA1 7cc1caaa747ee16dc894a600a4256f64fa65a9b8
SHA256 6950991102462d84fdc0e3b0ae30c95af8c192f77ce3d78e8d54e6b22f7c09ba
SHA512 ce828fb9ecd7655cc4c974f78f209d3326ba71ced60171a45a437fc3fff3bd0d69a0997adaca29265c7b5419bdea2b17f8cc8ceae1b8ce6b22b7ed9120bb5ad3

memory/4004-141-0x0000000004260000-0x0000000005581000-memory.dmp

memory/4004-142-0x0000000004260000-0x0000000005581000-memory.dmp