Overview

overview

10

Static

static

3

ca7fcaad71...bc.exe

windows7-x64

10

ca7fcaad71...bc.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ca7fcaad713c4f571f0f46f09dff8ce1d0b75ed80d3bd2aafdd816c6f98c9ebc

  • Size

    80KB

  • Sample

    250128-dslykswkfn

  • MD5

    2516cd41cf33c90f70d3e2810bad211f

  • SHA1

    f8a55a212828e0f426f60d53f530360e2abafc4f

  • SHA256

    ca7fcaad713c4f571f0f46f09dff8ce1d0b75ed80d3bd2aafdd816c6f98c9ebc

  • SHA512

    6f19f9043dbd8af6c96104669f0810b3ce7100cdb787a930180601e8d93f6b13eae3a3f19c49acb973dcb146526f75bd31c9e95831a32ab410f47a9073ec8bf9

  • SSDEEP

    768:P67EPltlNTNJ+MYNSQOTa72OP2ODIOdvhUdNBOQfvnUUwUl+V:P6OTNJ+MUSlajP2ODIsU5fvn5wUQV

Score
10/10
guloaderdiscoverydownloaderpersistence

Malware Config

Targets

    • Target

      ca7fcaad713c4f571f0f46f09dff8ce1d0b75ed80d3bd2aafdd816c6f98c9ebc

    • Size

      80KB

    • MD5

      2516cd41cf33c90f70d3e2810bad211f

    • SHA1

      f8a55a212828e0f426f60d53f530360e2abafc4f

    • SHA256

      ca7fcaad713c4f571f0f46f09dff8ce1d0b75ed80d3bd2aafdd816c6f98c9ebc

    • SHA512

      6f19f9043dbd8af6c96104669f0810b3ce7100cdb787a930180601e8d93f6b13eae3a3f19c49acb973dcb146526f75bd31c9e95831a32ab410f47a9073ec8bf9

    • SSDEEP

      768:P67EPltlNTNJ+MYNSQOTa72OP2ODIOdvhUdNBOQfvnUUwUl+V:P6OTNJ+MUSlajP2ODIsU5fvn5wUQV

    Score
    10/10
    guloaderdiscoverydownloaderpersistence

    • Guloader family

      guloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Adds Run key to start application

      persistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks