guloader | 986a7af99dae4669a8d396f33ec71a3dce83f49902481d65489078d32c8aedee | Triage

Submit
Reports

Overview

overview

Static

static

1

986a7af99d...ee.exe

windows7-x64

986a7af99d...ee.exe

windows10-2004-x64

Sharing

General

Target

986a7af99dae4669a8d396f33ec71a3dce83f49902481d65489078d32c8aedee.exe
Size

827KB
Sample

241011-maabhasflk
MD5

bd22643b99f43bba3a8879e31769104f
SHA1

9cda02098e71ac53e3c9952d08b6f084f2162f5b
SHA256

986a7af99dae4669a8d396f33ec71a3dce83f49902481d65489078d32c8aedee
SHA512

672f789f1cd6b67721a20763ec0b7c27a9b2280e9f1407d3ba675c41b2d52bf3b818f6c4fbfe97e5152080a6665ab92a262003e008aa2279c325ab39a8e4efd7
SSDEEP

24576:NVTcsrgw7y6ry23mjDVWhRcgBS7W2Gnm3Tw2L:NVcOgv22/uR3cS2Gnm3THL

Score

10^/10

guloader vipkeylogger collection discovery downloader execution keylogger stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

986a7af99dae4669a8d396f33ec71a3dce83f49902481d65489078d32c8aedee.exe

Resource

win7-20240903-en

guloader vipkeylogger discovery downloader execution keylogger stealer

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

986a7af99dae4669a8d396f33ec71a3dce83f49902481d65489078d32c8aedee.exe

Resource

win10v2004-20241007-en

guloader vipkeylogger collection discovery downloader execution keylogger stealer

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Extracted

Family

vipkeylogger

Credentials

Protocol: smtp
Host:
mail.terrazza.hr
Port:
587
Username:
[email protected]
Password:
Vodenjak123!
Email To:
[email protected]

Extracted

Credentials

Protocol: smtp
Host:
mail.terrazza.hr
Port:
587
Username:
[email protected]
Password:
Vodenjak123!

Targets

- Target
  
  986a7af99dae4669a8d396f33ec71a3dce83f49902481d65489078d32c8aedee.exe
- Size
  
  827KB
- MD5
  
  bd22643b99f43bba3a8879e31769104f
- SHA1
  
  9cda02098e71ac53e3c9952d08b6f084f2162f5b
- SHA256
  
  986a7af99dae4669a8d396f33ec71a3dce83f49902481d65489078d32c8aedee
- SHA512
  
  672f789f1cd6b67721a20763ec0b7c27a9b2280e9f1407d3ba675c41b2d52bf3b818f6c4fbfe97e5152080a6665ab92a262003e008aa2279c325ab39a8e4efd7
- SSDEEP
  
  24576:NVTcsrgw7y6ry23mjDVWhRcgBS7W2Gnm3Tw2L:NVcOgv22/uR3cS2Gnm3THL
Score

10^/10

guloader vipkeylogger discovery downloader execution keylogger stealer collection
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- VIPKeylogger
  VIPKeylogger is a keylogger and infostealer written in C# and it resembles SnakeKeylogger that was found in 2020.
  stealer keylogger vipkeylogger
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Accesses Microsoft Outlook profiles
  collection
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

guloadervipkeyloggerdiscoverydownloaderexecutionkeyloggerstealer

behavioral2

guloadervipkeyloggercollectiondiscoverydownloaderexecutionkeyloggerstealer

© 2018-2025

Terms | Privacy