General

  • Target

    18022025_1636_18022025_pago3423443.rar

  • Size

    967KB

  • Sample

    250218-t36czavn16

  • MD5

    d02c092186bc2dd5257195f9069f60a0

  • SHA1

    664556dccfcf6dc52f2c7d0ade2b73aa1ea0ee6b

  • SHA256

    590968973ea1694416916c544ac177143d6ea1e4a16a45869b535cdb2472ac4f

  • SHA512

    7d05b20babea601959dea10be8cd927f8f26046eca4fe3cd9c617ab8dc001111952dd772e2fad21880cbd2554d7de1db3e1361b05faf361ad4caa472211c79b0

  • SSDEEP

    24576:sHtxG6LAoi4+tYQU5vIX+kFXk43jg69LbVRU6j7:sNs6LA9U5JF43ZZVRU47

Malware Config

Targets

    • Target

      pago3423443.com

    • Size

      1.0MB

    • MD5

      c626b5ff25d95915163a9fc8a65237ff

    • SHA1

      44a686fa47df95c5c1f2b8867db65ee2baa8488d

    • SHA256

      b3da5f2f5c92cffef6701e6f99e8bc5ef7bfb7bb45f1530813f37c3d97f1d3b0

    • SHA512

      380c042631d46d6b8582679f9e8eefd96724e821a43484f3f64bcec333d0509bbb7fbcabd30bbb800ed2370e4d9a2c7e9f518979494204e4271a7825700b4b87

    • SSDEEP

      24576:YSafguydKSg+onJ3RbnHPVNfroUmLDbZ7Jjl7WqDs3Ry:YlfguygSg+Q/bnHPHbSFhWquR

    • Guloader family

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      $PLUGINSDIR/LangDLL.dll

    • Size

      5KB

    • MD5

      2a0f58baa9f48961707195d3d9ab8d0a

    • SHA1

      abb640f58bd2a3fc50cd130bd960015df7a2a345

    • SHA256

      a9520ce3bcfa4cfb7d9be3d317bdb3068246b38292e6d291a55f1b04a158998e

    • SHA512

      273356a565978ff58d223e4d84de85d257838b1c37ae33054de76401ac935fd26f54213424ad8164bae2c4f9d9f2d61cbdd24bbaad453da938e0dca26b98130a

    • SSDEEP

      48:im1gEhmNd2MPUptxENJ5imMOBAZqMTBCpYwvNHZzUJvR0J56of5dwe:F1qdBGE75LBAZqIFeZUR0zPd

    • Score

      3/10

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      12b140583e3273ee1f65016becea58c4

    • SHA1

      92df24d11797fefd2e1f8d29be9dfd67c56c1ada

    • SHA256

      014f1dfeb842cf7265a3644bc6903c592abe9049bfc7396829172d3d72c4d042

    • SHA512

      49ffdfa1941361430b6acb3555fd3aa05e4120f28cbdf7ceaa2af5937d0b8cccd84471cf63f06f97cf203b4aa20f226bdad082e9421b8e6b62ab6e1e9fc1e68a

    • SSDEEP

      192:gFiQJ77pJp17C8F1A5xjGNxrgFOgb7lrT/nC93:E7pJp48F2exrg5F/C

    • Score

      3/10
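The two "Suspicious use of ... HideFromDebugger" lines above are behavioural signatures, not file hashes: they fire when the sample calls NtSetInformationThread with the ThreadHideFromDebugger information class, or NtCreateThreadEx with the hide-from-debugger creation flag, both of which make a thread invisible to an attached debugger. The following is an added example (not part of this report or of the sandbox's own code) that shows the detection logic behind those two signatures run over a constructed API trace. The trace format, the process id and the handle/address values are made up for the example; the two constants come from the public Windows NT headers (ThreadHideFromDebugger = 0x11, THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER = 0x4).

```python
"""Flag the anti-debugging calls behind the report's
'NtSetInformationThreadHideFromDebugger' and
'NtCreateThreadExHideFromDebugger' signatures in an API trace."""
import re

# THREADINFOCLASS value for ThreadHideFromDebugger (ntpsapi.h).
THREAD_HIDE_FROM_DEBUGGER = 0x11
# Bit in NtCreateThreadEx's CreateFlags parameter that hides the new thread.
THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER = 0x00000004

# Constructed trace in a simplified "pid=N api(arg=value, ...)" format.
# This is NOT the sandbox's real log format; it exists only for this example.
# 0xfffffffe is the current-thread pseudo handle, 0xffffffff the current-process one.
SAMPLE_TRACE = """\
pid=3412 NtAllocateVirtualMemory(Protect=0x40, Size=0x20000)
pid=3412 NtSetInformationThread(ThreadHandle=0xfffffffe, ThreadInformationClass=0x11, Length=0x0)
pid=3412 NtCreateThreadEx(ProcessHandle=0xffffffff, CreateFlags=0x4, StartRoutine=0x140003000)
pid=3412 NtCreateThreadEx(ProcessHandle=0xffffffff, CreateFlags=0x0, StartRoutine=0x140004000)
pid=3412 NtSetInformationThread(ThreadHandle=0x1a4, ThreadInformationClass=0x2, Length=0x4)
"""

LINE_RE = re.compile(r"pid=(?P<pid>\d+)\s+(?P<api>\w+)\((?P<args>.*)\)")


def parse_line(line):
    """Parse one trace line into {'pid', 'api', 'args'}; None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    args = {}
    for kv in m.group("args").split(","):
        kv = kv.strip()
        if not kv:
            continue
        key, _, value = kv.partition("=")
        args[key] = int(value, 0)  # accepts hex (0x..) and decimal
    return {"pid": int(m.group("pid")), "api": m.group("api"), "args": args}


def classify(call):
    """Return the signature name a parsed call triggers, or None."""
    api, args = call["api"], call["args"]
    if api == "NtSetInformationThread" and \
            args.get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER:
        return "NtSetInformationThreadHideFromDebugger"
    if api == "NtCreateThreadEx" and \
            args.get("CreateFlags", 0) & THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER:
        return "NtCreateThreadExHideFromDebugger"
    return None


def scan_trace(text):
    """Return [(line_no, pid, signature)] for every line that triggers a signature."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), 1):
        call = parse_line(line)
        if call is None:
            continue
        sig = classify(call)
        if sig:
            hits.append((line_no, call["pid"], sig))
    return hits


if __name__ == "__main__":
    for line_no, pid, sig in scan_trace(SAMPLE_TRACE):
        print(f"line {line_no} pid {pid}: {sig}")
```

Only the calls that actually carry the hide-from-debugger class or flag are reported; the NtSetInformationThread call with class 0x2 (ThreadPriority) and the NtCreateThreadEx call with CreateFlags=0 are ordinary and ignored. Both techniques also appear in some legitimate protectors and anti-cheat software, which is why the sandbox labels them "suspicious" rather than treating them as proof of malice on their own.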

MITRE ATT&CK Enterprise v15

Tasks