guloader | 5d03aa31e99aec7138033b75ccac3012336305861abfca05d5a55e9d78476879 | Triage

Sharing

General

Target

ORDER099737723474PO7273.exe
Size

457KB
Sample

240530-gyqqhaha61
MD5

53266aed4a13d86143ce3f08c899ad58
SHA1

f0b7d826d3aa004dde798ff6ada74df96bc8b542
SHA256

5d03aa31e99aec7138033b75ccac3012336305861abfca05d5a55e9d78476879
SHA512

e9b65450ab0472c9a75d993d11c5daa3cc52c92ab388c022a82cad404b5009a596121f9e9a41fb162b62e5b748f0220dd03ec4f25293acfba581824269560427
SSDEEP

12288:d1T9qm2ynBT0X9is7bqZmp8+4WHAImLmHnN:79qm2yCEs6Of4e6mHN

Score

10^/10

guloader warzonerat collection downloader execution infostealer rat

Malware Config

Targets

- Target
  
  ORDER099737723474PO7273.exe
- Size
  
  457KB
- MD5
  
  53266aed4a13d86143ce3f08c899ad58
- SHA1
  
  f0b7d826d3aa004dde798ff6ada74df96bc8b542
- SHA256
  
  5d03aa31e99aec7138033b75ccac3012336305861abfca05d5a55e9d78476879
- SHA512
  
  e9b65450ab0472c9a75d993d11c5daa3cc52c92ab388c022a82cad404b5009a596121f9e9a41fb162b62e5b748f0220dd03ec4f25293acfba581824269560427
- SSDEEP
  
  12288:d1T9qm2ynBT0X9is7bqZmp8+4WHAImLmHnN:79qm2yCEs6Of4e6mHN
Score

10^/10

execution guloader warzonerat collection downloader infostealer rat
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  143e45d5929ba564ba0c3a0773be76e6
- SHA1
  
  c7e108ad681dd19afc646a43f7ce757388653f57
- SHA256
  
  8459feb67b7eb0caaaed607e0f36c8d4979abf1bad87e7f1c7c2b97c73174d6d
- SHA512
  
  1114403b9af202396ffe32610e1160313ff22c488f87b4a8f771d14fda02a954af7beacad5655143dafdf0af9a76b2a0d5c121ef57819e0567c367578482f003
- SSDEEP
  
  96:T7fhZwXd8KgEbAa9PweF1WxD8ZLMJGgmkN238:0N8KgWAuLWxD8ZAGgmkN
Score

3^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

guloaderwarzoneratcollectiondownloaderexecutioninfostealerrat

behavioral3

behavioral4