Overview

overview

10

Static

static

3

Bilateralt.exe

windows7-x64

7

Bilateralt.exe

windows10-2004-x64

10

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Bilateralt.exe

  • Size

    710KB

  • Sample

    241016-wlgz6atbqh

  • MD5

    936daa54a6dddd6f59d83e5c150a3b8f

  • SHA1

    bc79bb7cc3f63681c35e6779260ebf025372e429

  • SHA256

    e1dc693a5e55a541b2db24ed4bcfadb0a5047128ade9f42fdd4f1be2c428a19b

  • SHA512

    b0daa5db1c8f4abc97ee06e3d4343f5d24f8531977541f4f22811bea20fddb3ca59f094492d9d7c6f3576a026e8f0eef37d5e4392a82d3073f65a0d49a0df6b0

  • SSDEEP

    12288:mrgjBLiIK2WVy/Yqpuz/oU927aQmm7xR2ugcYMsOffhXmmwMRzcLSIHw:m0jBiIK2R/5puz/r927aTmrn8OBXjZcK

Score
10/10
guloaderdiscoverydownloader

Malware Config

Targets

    • Target

      Bilateralt.exe

    • Size

      710KB

    • MD5

      936daa54a6dddd6f59d83e5c150a3b8f

    • SHA1

      bc79bb7cc3f63681c35e6779260ebf025372e429

    • SHA256

      e1dc693a5e55a541b2db24ed4bcfadb0a5047128ade9f42fdd4f1be2c428a19b

    • SHA512

      b0daa5db1c8f4abc97ee06e3d4343f5d24f8531977541f4f22811bea20fddb3ca59f094492d9d7c6f3576a026e8f0eef37d5e4392a82d3073f65a0d49a0df6b0

    • SSDEEP

      12288:mrgjBLiIK2WVy/Yqpuz/oU927aQmm7xR2ugcYMsOffhXmmwMRzcLSIHw:m0jBiIK2R/5puz/r927aTmrn8OBXjZcK

    Score
    10/10
    discoveryguloaderdownloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      dd87a973e01c5d9f8e0fcc81a0af7c7a

    • SHA1

      c9206ced48d1e5bc648b1d0f54cccc18bf643a14

    • SHA256

      7fb0f8d452fefaac789986b933df050f3d3e4feb8a8d9944ada995f572dcdca1

    • SHA512

      4910b39b1a99622ac8b3c42f173bbe7035ac2f8d40c946468e7db7e2868a2da81ea94da453857f06f39957dd690c7f1ba498936a7aaa0039975e472376f92e8f

    • SSDEEP

      192:VFiQJ77pJp17C8F1A5xjGNxrgFOgb7lrT/993:97pJp48F2exrg5F/9

    Score
    3/10
    discovery
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks