guloader | a03913b0dcf4d9707eb9c74d69b522927e760e9be55effb0e14ebbbaad9177c7 | Triage

Submit
Reports

Overview

overview

Static

static

1

a03913b0dc...c7.exe

windows7-x64

8

a03913b0dc...c7.exe

windows10-2004-x64

Sharing

General

Target

a03913b0dcf4d9707eb9c74d69b522927e760e9be55effb0e14ebbbaad9177c7
Size

401KB
Sample

240708-bfqpwsxcpc
MD5

f1043033237fa935ef9af72415e657a1
SHA1

b1ce2973b99811fe469ae6b4c450e97d4d4f4a20
SHA256

a03913b0dcf4d9707eb9c74d69b522927e760e9be55effb0e14ebbbaad9177c7
SHA512

1f4971262c297f2fa58234d7787ea384a168633eadce39e9334d9e7f5e5924b40eb47b84cc83ec8c29c62212863f17340a5525007d25f721c900e5583cf8dd3b
SSDEEP

6144:FM23AboMfTvNXDQV1yKE2C7qNIZX8il32bcHXgjv3bO43f1WYq6cVjWZSlhhEV:nGoGNzQ+DZX8M2bc3Av3bO43tW5WZl

Score

10^/10

guloader collection downloader evasion execution persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a03913b0dcf4d9707eb9c74d69b522927e760e9be55effb0e14ebbbaad9177c7.exe

Resource

win7-20240704-en

execution persistence

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

a03913b0dcf4d9707eb9c74d69b522927e760e9be55effb0e14ebbbaad9177c7.exe

Resource

win10v2004-20240704-en

guloader collection downloader evasion execution persistence trojan

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  a03913b0dcf4d9707eb9c74d69b522927e760e9be55effb0e14ebbbaad9177c7
- Size
  
  401KB
- MD5
  
  f1043033237fa935ef9af72415e657a1
- SHA1
  
  b1ce2973b99811fe469ae6b4c450e97d4d4f4a20
- SHA256
  
  a03913b0dcf4d9707eb9c74d69b522927e760e9be55effb0e14ebbbaad9177c7
- SHA512
  
  1f4971262c297f2fa58234d7787ea384a168633eadce39e9334d9e7f5e5924b40eb47b84cc83ec8c29c62212863f17340a5525007d25f721c900e5583cf8dd3b
- SSDEEP
  
  6144:FM23AboMfTvNXDQV1yKE2C7qNIZX8il32bcHXgjv3bO43f1WYq6cVjWZSlhhEV:nGoGNzQ+DZX8M2bc3Av3bO43tW5WZl
Score

10^/10

execution persistence guloader collection downloader evasion trojan
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- UAC bypass
  evasion trojan
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Accesses Microsoft Outlook accounts
  collection
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

executionpersistence

behavioral2

guloadercollectiondownloaderevasionexecutionpersistencetrojan

© 2018-2024

Terms | Privacy