guloader | e42af5bffa231ebbc62fea3befe73570c5f428a2c77f7fc33b72c31ef8b6245f

General

Target

905ea903cc9cccce0c3a3e4eaa699f66.bin
Size

242KB
Sample

240628-defjmszfnn
MD5

b5bbaacdb00e351ca63c4cfb43cf8a35
SHA1

70379267cb348de4542d762f67b2f49d5637dc53
SHA256

e42af5bffa231ebbc62fea3befe73570c5f428a2c77f7fc33b72c31ef8b6245f
SHA512

7a76d11db59008051ad783be5859d25b4e4b91253ff2511e828af1c55292b34875e51ad657e6bd5ce5fb759b689f9b4d0b8c06bd29f05fa794deca56c740a95b
SSDEEP

6144:CyhOAA+G/1jTGtQ2Ua93ly8+7P6t+UPt1PUtdmbjot9b6yH:nhO+G/1jTGrbUTL6tvPtxJbJyH

Score

10^/10

Malware Config

Targets

- Target
  
  SMKT_COPY20240604.exe
- Size
  
  314KB
- MD5
  
  c7ceecb921d43912ec928af816a43ede
- SHA1
  
  2c4266ebdae98fc609ffb191cf26e85dc0671faa
- SHA256
  
  144540da6bfc395bdd8726b156099a7f7b27240321424411ba8af877cbdcbe86
- SHA512
  
  8b4ecfc89221af3d4dde2ab7effc288f9c9ddaba764b67acbde33fbc5c19d69e16d69c40f35de74e36f4eb12bdd2ffba44b702bea9d5249476dafc7f4f389e31
- SSDEEP
  
  6144:BXFKo5F4CtVeI8Y9BA6MA4ph2LN7LNNhEdMUjzz4elzC:BX54CVeI8Y9BA6uph2LN7LNNhTelO
Score

10^/10

guloader collection downloader persistence spyware stealer
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Adds Run key to start application
  persistence
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  4add245d4ba34b04f213409bfe504c07
- SHA1
  
  ef756d6581d70e87d58cc4982e3f4d18e0ea5b09
- SHA256
  
  9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706
- SHA512
  
  1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d
- SSDEEP
  
  192:VjHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZv0QPi:B/Qlt7wiij/lMRv/9V4bvr
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  7KB
- MD5
  
  b4579bc396ace8cafd9e825ff63fe244
- SHA1
  
  32a87ed28a510e3b3c06a451d1f3d0ba9faf8d9c
- SHA256
  
  01e72332362345c415a7edcb366d6a1b52be9ac6e946fb9da49785c140ba1a4b
- SHA512
  
  3a76e0e259a0ca12275fed922ce6e01bdfd9e33ba85973e80101b8025ef9243f5e32461a113bbcc6aa75e40894bb5d3a42d6b21045517b6b3cf12d76b4cfa36a
- SSDEEP
  
  96:JwzdzBzMDhOZZDbXf5GsWvSv1ckne94SDbYkvML1HT1fUNQaSGYuH0DQ:JTQHDb2vSuOc41ZfUNQZGdHM
Score

3^/10
behavioral5 behavioral6

MITRE ATT&CK Matrix ATT&CK v13

Tasks

Sharing

General

Malware Config

Targets

Guloader,Cloudeye

NirSoft MailPassView

NirSoft WebBrowserPassView

Nirsoft

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Accesses Microsoft Outlook accounts

Adds Run key to start application

Suspicious use of NtCreateThreadExHideFromDebugger

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6