Analysis
max time kernel: 149s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 28-06-2024 00:51
Static task: static1 (1 signatures)
Behavioral task: behavioral1 (sample Selvfinansiering.exe, resource win7-20231129-en, 3 signatures, 150 seconds)
Behavioral task: behavioral2 (sample Selvfinansiering.exe, resource win10v2004-20240611-en, 3 signatures, 150 seconds)
General
Target: Selvfinansiering.exe
Size: 124KB
MD5:
7e4344fe8ab1388aa953c85658a6802b
SHA1:
f1ca7460b212b5c83c5ff867b266d8e941cf5dbf
SHA256:
4f150ed4669f3a26cfbb6cf06c9843de3bf2a619de4807053512502ef983a3b2
SHA512:
2209449a2994627604380dae69b9972754190c29930170be63dcaeea36c2ddcd175631c3014e3e4274059a54606b95e8e20ae32d5cb612aeb91d563c52eb2d2d
SSDEEP:
1536:IGpFzrNUgXMJkD5SR5IzR3TUrLk6joOhHf9B6HvcN1QpVx2JSHa/gX+:1p1NUIMDcNDAtoOhHT1Hz
Score: 10/10
Malware Config (Extracted)
Family: guloader
C2:
https://drive.google.com/uc?export=download&id=1KNgfBcxtyoDcrj3vTkeTjr-gnQjw04N2
xor.base64
Signatures
Guloader, Cloudeye: A shellcode based downloader first seen in 2020.
Guloader payload (1 IoCs): resource behavioral2/memory/3060-2-0x0000000002960000-0x000000000296B000-memory.dmp, yara_rule family_guloader
Suspicious use of SetWindowsHookEx (1 IoCs): process Selvfinansiering.exe, PID 3060
Downloads
memory/3060-2-0x0000000002960000-0x000000000296B000-memory.dmp (Filesize: 44KB)