guloader | e0268648dddfc680d9a6a9445b8d7fa07667c42be6ed9dfefaabea1e792e387b | Triage

Analysis

max time kernel
133s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
28-06-2024 01:27

Sharing

Report Analysis Logs

General

Target

139083be148d63b991b7848b116f93d1.exe
Size

108KB
MD5

139083be148d63b991b7848b116f93d1
SHA1

8528b44ee3086b209eebdb08c6b3cc5ed5a40fab
SHA256

e0268648dddfc680d9a6a9445b8d7fa07667c42be6ed9dfefaabea1e792e387b
SHA512

6e3ccb2809108ff0ea9ffb4239371aa5dabadbd710c4af80b9e8975c3aa30b5c410cd0cc94d6a2fa8ae6da368bb9e742d941734d280610979cc8caefffea1a47
SSDEEP

1536:wq9kCxG1zdcaKw1LCwVa4S49WsSzTdCh+G7qwB:wldc7EuKWov

Score

10^/10

guloader downloader guloader

Malware Config

Extracted

Family

guloader

C2

http://www.aussieadrenaline.com/yh/janomo_iMWOx126.bin

xor.base64

Signatures

Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
downloader guloader
Guloader payload 1 IoCs
guloader

Processes:

resource yara_rule

behavioral2/memory/836-2-0x00000000022C0000-0x00000000022CC000-memory.dmp family_guloader
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

139083be148d63b991b7848b116f93d1.exe

pid process

836 139083be148d63b991b7848b116f93d1.exe

C:\Users\Admin\AppData\Local\Temp\139083be148d63b991b7848b116f93d1.exe
"C:\Users\Admin\AppData\Local\Temp\139083be148d63b991b7848b116f93d1.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:836

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/836-2-0x00000000022C0000-0x00000000022CC000-memory.dmp

Filesize
48KB

Download