Overview

overview

10

Static

static

3

PO_4500389...22.exe

windows7-x64

10

PO_4500389...22.exe

windows10-2004-x64

10

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    45a95817d50c64f2340c481541ba837e2f13263d0ff6db4396ab16914279439a.img

  • Size

    1.2MB

  • Sample

    240427-bqvftsgh5x

  • MD5

    c755c5c682da599ba12036dd608b866d

  • SHA1

    ab473b32f99051d69b5b07dab5317412d0af760e

  • SHA256

    45a95817d50c64f2340c481541ba837e2f13263d0ff6db4396ab16914279439a

  • SHA512

    867941dab88fb989f3794bca7bd8ee0f1033510f2156851a466ead1f824ebd6238d0a8a6b897255652fd8ea877584fcde35ceafc50774a5bcc685e2a0a5ecf7c

  • SSDEEP

    6144:Rz27B8gj9StARX5mdUP49xHcZYDbTECOpckKhaITOYFog9qg6cOTmsYQa9cW3B+u:pIXp49FGYDcnGd73qq2TY4CBH

Score
10/10
guloaderdownloader

Malware Config

Targets

    • Target

      PO_450038969222222.exe

    • Size

      624KB

    • MD5

      acefcf62c3b1562fccbc6b09bd635e46

    • SHA1

      59d2672f9874c68861850e7b7854653aa51107af

    • SHA256

      c48ee19744cf5c99735454ecdfc48e5c0943e44c175481725d62a104b140826b

    • SHA512

      e0b5197fd71e6ca578ef7518e254bdfa06b207598372d12646ea3c79bfa6c45859ed809bd744007f2edee2b5bc9f6ba606dcffebdb80bb5e5382181b30e68ec9

    • SSDEEP

      6144:5z27B8gj9StARX5mdUP49xHcZYDbTECOpckKhaITOYFog9qg6cOTmsYQa9cW3B+u:hIXp49FGYDcnGd73qq2TY4CBH

    Score
    10/10
    guloaderdownloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      375e8a08471dc6f85f3828488b1147b3

    • SHA1

      1941484ac710fc301a7d31d6f1345e32a21546af

    • SHA256

      4c86b238e64ecfaabe322a70fd78db229a663ccc209920f3385596a6e3205f78

    • SHA512

      5ba29db13723ddf27b265a4548606274b850d076ae1f050c64044f8ccd020585ad766c85c3e20003a22f356875f76fb3679c89547b0962580d8e5a42b082b9a8

    • SSDEEP

      192:MPtkumJX7zB22kGwfy0mtVgkCPOs91un:9702k5qpds9Qn

    Score
    3/10
    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks