General

  • Target: 345ed67cf43e000ffa57dfc07fc6606f757cf88a6d3b9d8778444d7eef1dd793.exe
  • Size: 461KB
  • Sample: 240509-ltlcfabe9s
  • MD5: 789ee5c5300dc862faaf96475720f9bc
  • SHA1: 0ef8137d58a07747fc9d4e5708241ff298734646
  • SHA256: 345ed67cf43e000ffa57dfc07fc6606f757cf88a6d3b9d8778444d7eef1dd793
  • SHA512: 1f9ccdffa0ef09d89d0f024a5c698c0a4c6e3666353db38f5d3b48f49ca00544b038ca6db6069e3eee93f1c66d11467bde3ecf53148f2add1c7206e701ba2b23
  • SSDEEP: 12288:vgEdJmlO0y9cb0crEM9wH056oDWLJuNdRey:bdJmlO995cAKwA6bLJuNKy

Score: 10/10

Malware Config

Targets

    • Target: 345ed67cf43e000ffa57dfc07fc6606f757cf88a6d3b9d8778444d7eef1dd793.exe
    • Size: 461KB
    • MD5: 789ee5c5300dc862faaf96475720f9bc
    • SHA1: 0ef8137d58a07747fc9d4e5708241ff298734646
    • SHA256: 345ed67cf43e000ffa57dfc07fc6606f757cf88a6d3b9d8778444d7eef1dd793
    • SHA512: 1f9ccdffa0ef09d89d0f024a5c698c0a4c6e3666353db38f5d3b48f49ca00544b038ca6db6069e3eee93f1c66d11467bde3ecf53148f2add1c7206e701ba2b23
    • SSDEEP: 12288:vgEdJmlO0y9cb0crEM9wH056oDWLJuNdRey:bdJmlO995cAKwA6bLJuNKy

    Score: 10/10

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target: $PLUGINSDIR/System.dll
    • Size: 11KB
    • MD5: fc3772787eb239ef4d0399680dcc4343
    • SHA1: db2fa99ec967178cd8057a14a428a8439a961a73
    • SHA256: 9b93c61c9d63ef8ec80892cc0e4a0877966dca9b0c3eb85555cebd2ddf4d6eed
    • SHA512: 79e491ca4591a5da70116114b7fbb66ee15a0532386035e980c9dfe7afb59b1f9d9c758891e25bfb45c36b07afd3e171bac37a86c887387ef0e80b1eaf296c89
    • SSDEEP: 192:eS24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35OloSl:S8QIl975eXqlWBrz7YLOlo

    Score: 3/10

MITRE ATT&CK Enterprise v15

Tasks