Overview

overview

10

Static

static

3

Bunker (ST...n..exe

windows7-x64

10

Bunker (ST...n..exe

windows10-2004-x64

10

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ce8a3166-3e79-4d3e-5ffc-08dd51511551.rar

  • Size

    551KB

  • Sample

    250223-crgrsswnz9

  • MD5

    04cef996bf620b806e7038b093ca9373

  • SHA1

    ee5d12f3b37ce2311b80adb7a466b4a526d8df8b

  • SHA256

    9be35c4376464838d7927e3cd13758058c407a54f8cc0c5376cabb3eb7a9c64e

  • SHA512

    e514b484dc6093da7bed7e4d142991d926367082d7e10587317cc16cf4716139b08ca60591e6ffc1d616f8445edd0ac76bb2058a791f9a90fd9941fa354b4481

  • SSDEEP

    12288:4npZHL2/oSZAmNuA6vaRyu7EhN4gPsGQRA7G0K449:4npcoSLVvgDtQwGTX9

Score
10/10
guloaderdiscoverydownloader

Malware Config

Targets

    • Target

      Bunker (STS) Notification..exe

    • Size

      619KB

    • MD5

      c176fa88d211acc3d63d6c8d3cf8d5a6

    • SHA1

      c87881a891fa05cd1c4caa8cc10451359db163f4

    • SHA256

      6ba3a37ac78eef40080be3a47e0ebcc30619221480d5bdd60a97fd571bda2ba2

    • SHA512

      4b80ec090a296025b45de505d36059258701bdc78330421a00679bac5da6e5105d4b9eb1b11bf5398fd154a62ee8d30d023b87d55acdacc2d28ea1382384a886

    • SSDEEP

      12288:5UVC9GIaG5ez13NhJN6U+c7DK3YKFQC0ncfFF9AUiDeDx3E:KVzK5ez13N56UP7RKFQC0cdqDeDB

    Score
    10/10
    guloaderdiscoverydownloader

    • Guloader family

      guloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      2ae993a2ffec0c137eb51c8832691bcb

    • SHA1

      98e0b37b7c14890f8a599f35678af5e9435906e1

    • SHA256

      681382f3134de5c6272a49dd13651c8c201b89c247b471191496e7335702fa59

    • SHA512

      2501371eb09c01746119305ba080f3b8c41e64535ff09cee4f51322530366d0bd5322ea5290a466356598027e6cda8ab360caef62dcaf560d630742e2dd9bcd9

    • SSDEEP

      192:vPtkumJX7zB22kGwfy0mtVgkCPOsE1un:k702k5qpdsEQn

    Score
    3/10
    discovery
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks