Overview

overview

10

Static

static

3

d314fe7161...9b.exe

windows7-x64

7

d314fe7161...9b.exe

windows10-2004-x64

10

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d314fe716123c0fac98d48d7d4acd4fe887217c2a9ad0fc96850235785f7f79b.exe

  • Size

    1.0MB

  • Sample

    250111-f1qb3swkhx

  • MD5

    8e4a2b26b311d9e5c9a920186b0b8025

  • SHA1

    f433a5c5020d31b0278b659e01cbb3882c671487

  • SHA256

    d314fe716123c0fac98d48d7d4acd4fe887217c2a9ad0fc96850235785f7f79b

  • SHA512

    06d922de26bf2808e740ae9c0d282c13dac4f4aa42e22458089f08b3297661ef2aefe16c0099bd1393fe5d443a10b1f425acf1fb2597ff63d31bbb37e76c613a

  • SSDEEP

    24576:9jwKCNPYCP4T85MgzoEHzizaMr+GGU8HgpIw8hadmA:V1CSgSYoEOzJiGd+gpH8hadt

Score
10/10
guloadercollectiondiscoverydownloaderevasionspywarestealer

Malware Config

Targets

    • Target

      d314fe716123c0fac98d48d7d4acd4fe887217c2a9ad0fc96850235785f7f79b.exe

    • Size

      1.0MB

    • MD5

      8e4a2b26b311d9e5c9a920186b0b8025

    • SHA1

      f433a5c5020d31b0278b659e01cbb3882c671487

    • SHA256

      d314fe716123c0fac98d48d7d4acd4fe887217c2a9ad0fc96850235785f7f79b

    • SHA512

      06d922de26bf2808e740ae9c0d282c13dac4f4aa42e22458089f08b3297661ef2aefe16c0099bd1393fe5d443a10b1f425acf1fb2597ff63d31bbb37e76c613a

    • SSDEEP

      24576:9jwKCNPYCP4T85MgzoEHzizaMr+GGU8HgpIw8hadmA:V1CSgSYoEOzJiGd+gpH8hadt

    Score
    10/10
    discoveryguloadercollectiondownloaderevasionspywarestealer

    • Guloader family

      guloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Disables Task Manager via registry modification

      evasion

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      0d7ad4f45dc6f5aa87f606d0331c6901

    • SHA1

      48df0911f0484cbe2a8cdd5362140b63c41ee457

    • SHA256

      3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

    • SHA512

      c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

    • SSDEEP

      192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6

    Score
    3/10
    discovery
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks