Overview

overview

10

Static

static

3

1f29944c74...ae.exe

windows7-x64

10

1f29944c74...ae.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1f29944c7410239305587dc44c89c9959d5e8da9ef878200eccd4dd71884b9ae.exe

  • Size

    84KB

  • Sample

    240530-1wy4msah9s

  • MD5

    71239d39b96b5cdc10d1ff98af0f07d0

  • SHA1

    b89353b7d545270833a56f81f26724510ed5471b

  • SHA256

    1f29944c7410239305587dc44c89c9959d5e8da9ef878200eccd4dd71884b9ae

  • SHA512

    646370e996d05d759f933ff7839d46a115a9fe236fa897c7af555400085a96289cb120e7224bb0302f70dd1cb0a84c4ac7ecbdfa25760b3e9c42712cfc6663a5

  • SSDEEP

    1536:V8ysFY6TjMuToZPp0goKKHmGvPQJRWhRDQ/R:7xuQu4n4wJRWi

Score
10/10
guloaderdownloaderguloader

Malware Config

Extracted

Family

guloader

C2

https://onedrive.live.com/download?cid=10C44A5247ACCFDE&resid=10C44A5247ACCFDE%21149&authkey=AKZCgadhv8s_S8Y

xor.base64

Targets

    • Target

      1f29944c7410239305587dc44c89c9959d5e8da9ef878200eccd4dd71884b9ae.exe

    • Size

      84KB

    • MD5

      71239d39b96b5cdc10d1ff98af0f07d0

    • SHA1

      b89353b7d545270833a56f81f26724510ed5471b

    • SHA256

      1f29944c7410239305587dc44c89c9959d5e8da9ef878200eccd4dd71884b9ae

    • SHA512

      646370e996d05d759f933ff7839d46a115a9fe236fa897c7af555400085a96289cb120e7224bb0302f70dd1cb0a84c4ac7ecbdfa25760b3e9c42712cfc6663a5

    • SSDEEP

      1536:V8ysFY6TjMuToZPp0goKKHmGvPQJRWhRDQ/R:7xuQu4n4wJRWi

    Score
    10/10
    guloaderdownloaderguloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Guloader payload

      guloader

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks