guloader | 10e5aba7f34c9acff9ff3bd7d959fd719ca6327dc09f5dbdd976167ad6304f9c | Triage

Submit
Reports

Overview

overview

Static

static

3

10e5aba7f3...9c.exe

windows7-x64

10e5aba7f3...9c.exe

windows10-2004-x64

Sharing

General

Target

10e5aba7f34c9acff9ff3bd7d959fd719ca6327dc09f5dbdd976167ad6304f9c.exe
Size

112KB
Sample

240226-h2tf8sgc5t
MD5

b0fb65f8075670b46aa1491da4f51c90
SHA1

fd87f96e5a300f71278aa6ad1ccdb8dd01c1de2a
SHA256

10e5aba7f34c9acff9ff3bd7d959fd719ca6327dc09f5dbdd976167ad6304f9c
SHA512

69e6d9631c81a48ba5301f8b978fb698f7ed1d9335ec0e7a6775fef925796cd7628f3a8699169025a115b3f7b042cd655a3078d5281fb088d6c548a576c1a986
SSDEEP

3072:TBtjiTHGb/fyQW6qqxFRsvPOW31bfrnb/dtXG12:TDVqQ+

Score

10^/10

guloader downloader guloader

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

10e5aba7f34c9acff9ff3bd7d959fd719ca6327dc09f5dbdd976167ad6304f9c.exe

Resource

win7-20240221-en

guloader downloader guloader

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

10e5aba7f34c9acff9ff3bd7d959fd719ca6327dc09f5dbdd976167ad6304f9c.exe

Resource

win10v2004-20240221-en

guloader downloader guloader

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

guloader

C2

https://drive.google.com/uc?export=download&id=1x4QIaEIYJueFynpzhwtnkaCxNkLmm3B0

xor.base64

Targets

- Target
  
  10e5aba7f34c9acff9ff3bd7d959fd719ca6327dc09f5dbdd976167ad6304f9c.exe
- Size
  
  112KB
- MD5
  
  b0fb65f8075670b46aa1491da4f51c90
- SHA1
  
  fd87f96e5a300f71278aa6ad1ccdb8dd01c1de2a
- SHA256
  
  10e5aba7f34c9acff9ff3bd7d959fd719ca6327dc09f5dbdd976167ad6304f9c
- SHA512
  
  69e6d9631c81a48ba5301f8b978fb698f7ed1d9335ec0e7a6775fef925796cd7628f3a8699169025a115b3f7b042cd655a3078d5281fb088d6c548a576c1a986
- SSDEEP
  
  3072:TBtjiTHGb/fyQW6qqxFRsvPOW31bfrnb/dtXG12:TDVqQ+
Score

10^/10

guloader downloader guloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Guloader payload
  guloader
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

guloaderdownloaderguloader

behavioral2

guloaderdownloaderguloader

© 2018-2024

Terms | Privacy