Overview

overview

10

Static

static

1

Arrau.exe

windows7-x64

10

Arrau.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    Arrau.exe

  • Size

    1.0MB

  • Sample

    231009-f3n7ssaf2v

  • MD5

    2e8676a03e932238cd66ae2b694616a4

  • SHA1

    8d691b2ba0710ffe56aa7d92281126ec316e196a

  • SHA256

    f3b42984e87c2a8ce917732513c7ff6ec06f0298331c4ad60f63f000a0d240a2

  • SHA512

    78b3810abc503caafa649696118b131ccb544fb86d4dbd66775ed1d6942df02f82f6caf476ba0d46a995cc9730d301410b95a1183cc516662a011eaeb74e3177

  • SSDEEP

    24576:9hbv27In4nug1bM6mfcIuBFo7WCBYR06Nu0wzw:X27I4ug9MjkIYo7FS0H8

Score
10/10
guloaderdownloader

Malware Config

Targets

    • Target

      Arrau.exe

    • Size

      1.0MB

    • MD5

      2e8676a03e932238cd66ae2b694616a4

    • SHA1

      8d691b2ba0710ffe56aa7d92281126ec316e196a

    • SHA256

      f3b42984e87c2a8ce917732513c7ff6ec06f0298331c4ad60f63f000a0d240a2

    • SHA512

      78b3810abc503caafa649696118b131ccb544fb86d4dbd66775ed1d6942df02f82f6caf476ba0d46a995cc9730d301410b95a1183cc516662a011eaeb74e3177

    • SSDEEP

      24576:9hbv27In4nug1bM6mfcIuBFo7WCBYR06Nu0wzw:X27I4ug9MjkIYo7FS0H8

    Score
    10/10
    guloaderdownloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks