General

  • Target: 34125118c603cbb2c4f6e6362e28ab2b8162de4eadf86dcda60c9df74b8be350
  • Size: 63KB
  • Sample: 241121-zjec2axmgy
  • MD5: fa98294c58c04f97fac6d9f0f03616f9
  • SHA1: 7e3b737f8a6d40828906b22ba89c1f47348d6b0a
  • SHA256: 34125118c603cbb2c4f6e6362e28ab2b8162de4eadf86dcda60c9df74b8be350
  • SHA512: 18d47c014964c3996f220ae6ce234f54af018f13ef17697b496ffd614f59a460facc70470865a125049294240aa34bedb61241861bf109aac237725750a62ee8
  • SSDEEP: 1536:vquBWo4hSK4R9AwSbtqr+7FW1GO7GYGSTl34PbruPnNnr2L8GaJud:8hSRAzbtqr+xqTTloDruVnr2xku

Malware Config

Extracted

  • Family: guloader
  • C2: http://45.85.90.226/kt.bin
  • xor.base64

Targets

    • Target: d032bf21aa1029b3d49763fd303dd84ad36c303a07ea1293e039bc8c35c0e1e7
    • Size: 164KB
    • MD5: 0040a650409cbf4a64597ee1f64b874f
    • SHA1: 3a54dce238334d6d59ba7a796a43e86c917478a8
    • SHA256: d032bf21aa1029b3d49763fd303dd84ad36c303a07ea1293e039bc8c35c0e1e7
    • SHA512: e54cfb9af724864753a8a6eede4b1ffa5b1e95e8082d5c306f6ad16342af2e48bcb4bf6b137ca43407970cb18ebab16580eeeaf50d425d06fe40e761d93dda49
    • SSDEEP: 3072:etOcNsL93qdY0F51nCyBQifSgwKAs/RF53IyVx1rm7gwc3yGChGZrjFZxFsKdxw6:eUV0rC3i6gys/RF53IyVx1rm7gwc3yG3

    • Guloader family

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Checks QEMU agent file

      Checks for the presence of the QEMU guest agent, possibly to detect virtualization.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks