Overview

overview

10

Static

static

1

f320ff644d...fa.exe

windows7-x64

10

f320ff644d...fa.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f320ff644d3fdfa1aab47e0e534e0c109cdc85022a7b692559c27a16e94696fa.exe

  • Size

    1.1MB

  • Sample

    240921-b4fvlazajd

  • MD5

    2f513d44fd0845e6cdbabc874dc55a53

  • SHA1

    bc19d6af2ea26015793bc6ffbe8527254d5c4e58

  • SHA256

    f320ff644d3fdfa1aab47e0e534e0c109cdc85022a7b692559c27a16e94696fa

  • SHA512

    5bfdaff3ce7ed5c0f39f4584ca82b0c121ce36a29e3e1b0130cfef53a92d776476c9a67f69a38bdbd7a388142d715d91941e7636d8acefd1c078352f3dce2846

  • SSDEEP

    12288:Cm12amGfy0D581DiNyQm6m3zwKjhMDQ73Ti/aG7cJEgH7K3UK+n1hxOcCMV3fAy9:Cmrm70l81DiNhbghFH7qUrvxOcC899

Score
10/10
guloaderdiscoverydownloaderexecution

Malware Config

Targets

    • Target

      f320ff644d3fdfa1aab47e0e534e0c109cdc85022a7b692559c27a16e94696fa.exe

    • Size

      1.1MB

    • MD5

      2f513d44fd0845e6cdbabc874dc55a53

    • SHA1

      bc19d6af2ea26015793bc6ffbe8527254d5c4e58

    • SHA256

      f320ff644d3fdfa1aab47e0e534e0c109cdc85022a7b692559c27a16e94696fa

    • SHA512

      5bfdaff3ce7ed5c0f39f4584ca82b0c121ce36a29e3e1b0130cfef53a92d776476c9a67f69a38bdbd7a388142d715d91941e7636d8acefd1c078352f3dce2846

    • SSDEEP

      12288:Cm12amGfy0D581DiNyQm6m3zwKjhMDQ73Ti/aG7cJEgH7K3UK+n1hxOcCMV3fAy9:Cmrm70l81DiNhbghFH7qUrvxOcC899

    Score
    10/10
    guloaderdiscoverydownloaderexecution

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks