Overview

overview

10

Static

static

3

24571a6437...d6.exe

windows7-x64

10

24571a6437...d6.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    24571a6437f3cbe7f8cea573aef6e9d6

  • Size

    44KB

  • Sample

    231231-ctfyaaeebm

  • MD5

    24571a6437f3cbe7f8cea573aef6e9d6

  • SHA1

    38669067f5df9d7c4decc16b5620ea1fa97694cf

  • SHA256

    bf97fc4685ac1afb19e0a6815277622a90b4e3852cd29709f6fd619e4e3eafd1

  • SHA512

    ef6ec2fc39a6b295848e4598352ffba0e3d24f2b3deeb5ce72ae28d1422b86589657fbbdcb538f23487ae013717ac12950b1d10d1700d9c7c0f19c777d3c0e1e

  • SSDEEP

    768:t+UMDR+fWdeZ6bbo2H2NKRdW0swFc0P8dVr/:t+Uk+gPHJRdW0swbPEr/

Score
10/10
guloaderdownloaderguloaderpersistence

Malware Config

Extracted

Family

guloader

C2

https://drive.google.com/uc?export=download&id=1mK8LhnBsKo-Zn7Qnqp0FQO7GNxXp7Bq0

xor.base64

Targets

    • Target

      24571a6437f3cbe7f8cea573aef6e9d6

    • Size

      44KB

    • MD5

      24571a6437f3cbe7f8cea573aef6e9d6

    • SHA1

      38669067f5df9d7c4decc16b5620ea1fa97694cf

    • SHA256

      bf97fc4685ac1afb19e0a6815277622a90b4e3852cd29709f6fd619e4e3eafd1

    • SHA512

      ef6ec2fc39a6b295848e4598352ffba0e3d24f2b3deeb5ce72ae28d1422b86589657fbbdcb538f23487ae013717ac12950b1d10d1700d9c7c0f19c777d3c0e1e

    • SSDEEP

      768:t+UMDR+fWdeZ6bbo2H2NKRdW0swFc0P8dVr/:t+Uk+gPHJRdW0swbPEr/

    Score
    10/10
    guloaderdownloaderguloaderpersistence

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Guloader payload

      guloader

    • Adds Run key to start application

      persistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks