guloader | c7a6d57fc3d397c2b303477d8e1d4fea64fec51f46b0ddfad97a11527771702c | Triage

Submit
Reports

Overview

overview

Static

static

3

Ziraat Ban...ji.exe

windows7-x64

7

Ziraat Ban...ji.exe

windows10-2004-x64

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Nicaean/Ga...86.doc

windows7-x64

1

Nicaean/Ga...86.doc

windows10-2004-x64

1

Sharing

General

Target

Ziraat Bankasi Swift Mesaji.exe
Size

853KB
Sample

240702-glbe2ssglm
MD5

57dbc2be60ede5140738c720a629781c
SHA1

b348e314c3f9be312725b23a0fecf491404caf66
SHA256

c7a6d57fc3d397c2b303477d8e1d4fea64fec51f46b0ddfad97a11527771702c
SHA512

8932c191f72eb089d346848164c36104e6114e39cdeed19d1e67a7546ce68f01d8fdadec2c6f9ce5a80915e5781631fd37018f9e57c3a1d54d677f2e9c6ae006
SSDEEP

24576:N3mYVFbTdL3LgGStF2C/GVOoD5jQZj7/MJhmO:N3mYV9x3SH2C/EOEm7lO

Score

10^/10

guloader downloader

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Ziraat Bankasi Swift Mesaji.exe

Resource

win7-20240221-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

Ziraat Bankasi Swift Mesaji.exe

Resource

win10v2004-20240611-en

guloader downloader

windows10-2004-x64

8 signatures

150 seconds

Behavioral task

behavioral3

Sample

$PLUGINSDIR/System.dll

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral4

Sample

$PLUGINSDIR/System.dll

Resource

win10v2004-20240226-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral5

Sample

Nicaean/Gangbrdderne86.doc

Resource

win7-20240221-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral6

Sample

Nicaean/Gangbrdderne86.doc

Resource

win10v2004-20240611-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  Ziraat Bankasi Swift Mesaji.exe
- Size
  
  853KB
- MD5
  
  57dbc2be60ede5140738c720a629781c
- SHA1
  
  b348e314c3f9be312725b23a0fecf491404caf66
- SHA256
  
  c7a6d57fc3d397c2b303477d8e1d4fea64fec51f46b0ddfad97a11527771702c
- SHA512
  
  8932c191f72eb089d346848164c36104e6114e39cdeed19d1e67a7546ce68f01d8fdadec2c6f9ce5a80915e5781631fd37018f9e57c3a1d54d677f2e9c6ae006
- SSDEEP
  
  24576:N3mYVFbTdL3LgGStF2C/GVOoD5jQZj7/MJhmO:N3mYV9x3SH2C/EOEm7lO
Score

10^/10

guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  6e55a6e7c3fdbd244042eb15cb1ec739
- SHA1
  
  070ea80e2192abc42f358d47b276990b5fa285a9
- SHA256
  
  acf90ab6f4edc687e94aaf604d05e16e6cfb5e35873783b50c66f307a35c6506
- SHA512
  
  2d504b74da38edc967e3859733a2a9cacd885db82f0ca69bfb66872e882707314c54238344d45945dc98bae85772aceef71a741787922d640627d3c8ae8f1c35
- SSDEEP
  
  192:MenY0qWTlt70IAj/lQ0sEWc/wtYbBH2aDybC7y+XBaIwL:M8+Qlt70Fj/lQRY/9VjjgL
Score

3^/10
behavioral3 behavioral4
- Target
  
  Nicaean/Gangbrdderne86.doc
- Size
  
  301KB
- MD5
  
  f2060b3940c55ff4023d4340598f4aa9
- SHA1
  
  a7ee53054c21ab1b6082db2732e1973a98ac5149
- SHA256
  
  6178d1b0de66ef523b5ce188bb92eb9651ff99383a0ed1e1b9b2cd69f651c45e
- SHA512
  
  9b212142cde23a426b51d151547a73b9a5ba04081c354d8f0c5b8cbce9ec359db53aa2a4677a59532b83d06baa65127391b82816ef02a70b8a1f8e4f2aa84462
- SSDEEP
  
  384:m6srPhzGmc17ehfBtdbowZFBhBLnHIaQjcNWmBsuJYMxsZlRfaWC6uLg1x0S68Jz:OPhOWhtZIXEvJYjRfa+
Score

1^/10
behavioral5 behavioral6

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

guloaderdownloader

behavioral3

behavioral4

behavioral5

behavioral6

© 2018-2024

Terms | Privacy