guloader | 8059dc704b71f1a978547729e4afdf62f0c834950758ca8bb6a25fa6fca0b03d

General

Target

PURCHASEORDERSHEET&SPECIFICATIONSDOC.exe
Size

753KB
Sample

240426-jdfqxabg69
MD5

dbe4440d32dc0b20dee76c192587ab33
SHA1

d5c94559655c5fc5bc552fce62aad8673731a3bb
SHA256

8059dc704b71f1a978547729e4afdf62f0c834950758ca8bb6a25fa6fca0b03d
SHA512

13eea3b51fce84b90b363de9b05f6e08fa0c082b67f0be91146f241ab49f7d421fec5d81b5507c6df396bdba21e71b6cef176f8a70a0d972c11cf2ad7d768efa
SSDEEP

6144:9zZzl4awJ9Gal0ZcMGDTBRA5bASrGs/1iLJ0ca8EptqioUCaSniaVgkpmcqaw/c0:DaalkPhH8V/kLBa8CwioQAxjw/ar4vd

Score

10^/10

Malware Config

Targets

- Target
  
  PURCHASEORDERSHEET&SPECIFICATIONSDOC.exe
- Size
  
  753KB
- MD5
  
  dbe4440d32dc0b20dee76c192587ab33
- SHA1
  
  d5c94559655c5fc5bc552fce62aad8673731a3bb
- SHA256
  
  8059dc704b71f1a978547729e4afdf62f0c834950758ca8bb6a25fa6fca0b03d
- SHA512
  
  13eea3b51fce84b90b363de9b05f6e08fa0c082b67f0be91146f241ab49f7d421fec5d81b5507c6df396bdba21e71b6cef176f8a70a0d972c11cf2ad7d768efa
- SSDEEP
  
  6144:9zZzl4awJ9Gal0ZcMGDTBRA5bASrGs/1iLJ0ca8EptqioUCaSniaVgkpmcqaw/c0:DaalkPhH8V/kLBa8CwioQAxjw/ar4vd
Score

10^/10

guloader collection downloader persistence spyware stealer
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Adds Run key to start application
  persistence
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  6ad39193ed20078aa1b23c33a1e48859
- SHA1
  
  95e70e4f47aa1689cc08afbdaef3ec323b5342fa
- SHA256
  
  b9631423a50c666faf2cc6901c5a8d6eb2fecd306fdd2524256b7e2e37b251c2
- SHA512
  
  78c89bb8c86f3b68e5314467eca4e8e922d143335081fa66b01d756303e1aec68ed01f4be7098dbe06a789ca32a0f31102f5ba408bc5ab28e61251611bb4f62b
- SSDEEP
  
  96:qIsUxO9udx4qYp7AJb76BykUbQMtHUOA5Iv+RnsrqeXV+d1g2IW9t2c+cEwF9Fug:ZVL7ikJb76BQUoUm+RnyXVYO2RvHFug
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  052a077ee8b519aadbcf29e6b5e710a4
- SHA1
  
  b3ab29d0ebdbdca63e4dffd2fd2e6b9188ffae4b
- SHA256
  
  9a1a5c6f598247bfa52624cd793b9ef4fb85863cc9dfd69eb7ef671cacc906c9
- SHA512
  
  cb11cba331b85122dcc2d57171ce20382af0a9fdf0a85a30155404d975901a313c9285eb9445e51979c6ec8416ccdf97fdeaf1bd2203c9395ad046a385a90009
- SSDEEP
  
  96:Q7GUaYNwCLuGFctpiKFlYJ8hH4RVHpwdEeY3kRlDr6dMqqyVgNF38:aygp3FcHi0xhYMR8dMqJVgN
Score

3^/10
behavioral5 behavioral6