guloader | 2d1a4c1bfad4cb2393143a55069e3d74e382c5b693085608a61fd7c3ddad744a | Triage

Submit
Reports

Overview

overview

Static

static

3

4d09dbec88...9c.exe

windows7-x64

4d09dbec88...9c.exe

windows10-2004-x64

Sharing

General

Target

4d09dbec880c1ec01240c9253b30809c
Size

60KB
Sample

240109-cdmqwsbccq
MD5

4d09dbec880c1ec01240c9253b30809c
SHA1

5dfd348b0d82c991b546103343efd7573f65e6d6
SHA256

2d1a4c1bfad4cb2393143a55069e3d74e382c5b693085608a61fd7c3ddad744a
SHA512

dec42f4dc9c7f47e7401bf5ca2342301b0e8b1e3f38b343fa0dd5d00ed9c68c075520f4c6a9df584a9db119eecb11543bb2752e854336d0057700665f72ec8a1
SSDEEP

768:uQ9xLGhBQhEMUs5gxqa38NOfizJV+uBPLj30bQeL5cuCSsi:FQhkEfs5gL38midvjEEeLTj1

Score

10^/10

guloader downloader guloader

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

4d09dbec880c1ec01240c9253b30809c.exe

Resource

win7-20231215-en

guloader downloader guloader

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

4d09dbec880c1ec01240c9253b30809c.exe

Resource

win10v2004-20231215-en

guloader downloader guloader

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Extracted

Family

guloader

C2

https://mindforcehypnosis.com/kly/nov_RiVAub27.bin

xor.base64

Targets

- Target
  
  4d09dbec880c1ec01240c9253b30809c
- Size
  
  60KB
- MD5
  
  4d09dbec880c1ec01240c9253b30809c
- SHA1
  
  5dfd348b0d82c991b546103343efd7573f65e6d6
- SHA256
  
  2d1a4c1bfad4cb2393143a55069e3d74e382c5b693085608a61fd7c3ddad744a
- SHA512
  
  dec42f4dc9c7f47e7401bf5ca2342301b0e8b1e3f38b343fa0dd5d00ed9c68c075520f4c6a9df584a9db119eecb11543bb2752e854336d0057700665f72ec8a1
- SSDEEP
  
  768:uQ9xLGhBQhEMUs5gxqa38NOfizJV+uBPLj30bQeL5cuCSsi:FQhkEfs5gL38midvjEEeLTj1
Score

10^/10

guloader downloader guloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Guloader payload
  guloader
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

guloaderdownloaderguloader

behavioral2

guloaderdownloaderguloader

© 2018-2024

Terms | Privacy