Overview

overview

10

Static

static

3

6e056dac72...df.exe

windows7-x64

10

6e056dac72...df.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6e056dac72056b6e8765b145041385df

  • Size

    460KB

  • Sample

    231226-phz81aaebj

  • MD5

    6e056dac72056b6e8765b145041385df

  • SHA1

    59b48527547a1373184cbd3aa37917cb1ec2464e

  • SHA256

    c6645732ddab78c543cc07ef50f3623b28ac76e83a37cc00f127c4e71adaf8b5

  • SHA512

    25a9fd0a60ec24042f787f952ac00a6f111ad19121cd8ba0e1698742bfa1d6376cc1e9d4555f26e25d0d50b1cde34d8587d8f3ad2e2fbe3189fec97b5cce8bf9

  • SSDEEP

    768:qv/uZitFPxEdATcv236+DYlMRj9tzgVzKi+XjEoGOtsS:U/uZitFPudEKOYlw/zgVzczEoGi1

Score
10/10
guloaderdownloaderguloaderpersistence

Malware Config

Extracted

Family

guloader

C2

https://www.sendspace.com/pro/dl/qfjmwv

xor.base64

Targets

    • Target

      6e056dac72056b6e8765b145041385df

    • Size

      460KB

    • MD5

      6e056dac72056b6e8765b145041385df

    • SHA1

      59b48527547a1373184cbd3aa37917cb1ec2464e

    • SHA256

      c6645732ddab78c543cc07ef50f3623b28ac76e83a37cc00f127c4e71adaf8b5

    • SHA512

      25a9fd0a60ec24042f787f952ac00a6f111ad19121cd8ba0e1698742bfa1d6376cc1e9d4555f26e25d0d50b1cde34d8587d8f3ad2e2fbe3189fec97b5cce8bf9

    • SSDEEP

      768:qv/uZitFPxEdATcv236+DYlMRj9tzgVzKi+XjEoGOtsS:U/uZitFPudEKOYlw/zgVzczEoGi1

    Score
    10/10
    guloaderdownloaderguloaderpersistence

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Guloader payload

      guloader

    • Adds Run key to start application

      persistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks