Score: | 80 |
Range: | 0 - 100 |
Confidence: | 100% |
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
CloudEyE, GuLoader | CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored. | No Attribution |
|
AV Detection |
|
---|
Source: |
Avira: |
Source: |
Virustotal: |
Perma Link | ||
Source: |
ReversingLabs: |
Source: |
Static PE information: |
Source: |
Static PE information: |
Source: |
Code function: |
0_2_00405861 | |
Source: |
Code function: |
0_2_0040639C | |
Source: |
Code function: |
0_2_004026F8 | |
Source: |
Code function: |
12_2_00405861 | |
Source: |
Code function: |
12_2_004026F8 | |
Source: |
Code function: |
12_2_0040639C |
Source: |
File opened: |
Jump to behavior | ||
Source: |
File opened: |
Jump to behavior | ||
Source: |
File opened: |
Jump to behavior | ||
Source: |
File opened: |
Jump to behavior | ||
Source: |
File opened: |
Jump to behavior | ||
Source: |
File opened: |
Jump to behavior |
Source: |
TCP traffic: |
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
||
Source: |
TCP traffic detected without corresponding DNS query: |
Source: |
String found in binary or memory: |
||
Source: |
String found in binary or memory: |
||
Source: |
String found in binary or memory: |
||
Source: |
String found in binary or memory: |
||
Source: |
String found in binary or memory: |
||
Source: |
String found in binary or memory: |
||
Source: |
String found in binary or memory: |
||
Source: |
String found in binary or memory: |
||
Source: |
String found in binary or memory: |
||
Source: |
String found in binary or memory: |
||
Source: |
String found in binary or memory: |
||
Source: |
String found in binary or memory: |
||
Source: |
String found in binary or memory: |
||
Source: |
String found in binary or memory: |
Source: |
Code function: |
0_2_004052FE |
System Summary |
|
---|
Source: |
Static PE information: |
Source: |
Process Stats: |
Source: |
Code function: |
0_2_0040330D | |
Source: |
Code function: |
12_2_0040330D |
Source: |
File created: |
Jump to behavior |
Source: |
Code function: |
0_2_00406725 | |
Source: |
Code function: |
0_2_00404B3D | |
Source: |
Code function: |
12_2_00406725 | |
Source: |
Code function: |
12_2_00404B3D |
Source: |
Code function: |
Source: |
Static PE information: |
Source: |
Static PE information: |
Source: |
Classification label: |
Source: |
Code function: |
0_2_0040330D | |
Source: |
Code function: |
12_2_0040330D |
Source: |
Code function: |
0_2_004045CA |
Source: |
Code function: |
0_2_004020CB |
Source: |
File created: |
Jump to behavior |
Source: |
File created: |
Jump to behavior |
Source: |
Static PE information: |
Source: |
File read: |
Jump to behavior |
Source: |
Key opened: |
Jump to behavior |
Source: |
Virustotal: |
||
Source: |
ReversingLabs: |
Source: |
File read: |
Jump to behavior |
Source: |
Process created: |
|||
Source: |
Process created: |
|||
Source: |
Process created: |
Jump to behavior |
Source: |
Section loaded: |
Jump to behavior | ||
Source: |
Section loaded: |
Jump to behavior | ||
Source: |
Section loaded: |
Jump to behavior | ||
Source: |
Section loaded: |
Jump to behavior | ||
Source: |
Section loaded: |
Jump to behavior | ||
Source: |
Section loaded: |
Jump to behavior | ||
Source: |
Section loaded: |
Jump to behavior | ||
Source: |
Section loaded: |
Jump to behavior | ||
Source: |
Section loaded: |
Jump to behavior | ||
Source: |
Section loaded: |
Jump to behavior | ||
Source: |
Section loaded: |
Jump to behavior | ||
Source: |
Section loaded: |
Jump to behavior | ||
Source: |
Section loaded: |
Jump to behavior | ||
Source: |
Section loaded: |
Jump to behavior | ||
Source: |
Section loaded: |
Jump to behavior | ||
Source: |
Section loaded: |
Jump to behavior | ||
Source: |
Section loaded: |
Jump to behavior | ||
Source: |
Section loaded: |
Jump to behavior | ||
Source: |
Section loaded: |
Jump to behavior | ||
Source: |
Section loaded: |
Jump to behavior | ||
Source: |
Section loaded: |
Jump to behavior | ||
Source: |
Section loaded: |
Jump to behavior | ||
Source: |
Section loaded: |
Jump to behavior | ||
Source: |
Section loaded: |
Jump to behavior | ||
Source: |
Section loaded: |
Jump to behavior | ||
Source: |
Section loaded: |
Jump to behavior | ||
Source: |
Section loaded: |
Jump to behavior | ||
Source: |
Section loaded: |
Jump to behavior |
Source: |
Key value queried: |
Jump to behavior |
Source: |
File written: |
Jump to behavior |
Source: |
Static file information: |
Source: |
Static PE information: |
Data Obfuscation |
|
---|
Source: |
File source: |
||
Source: |
File source: |
Source: |
Code function: |
0_2_10001A5D |
Source: |
Code function: |
0_2_10002D4E |
Persistence and Installation Behavior |
|
---|
Source: |
Joe Sandbox AI: |
Source: |
File created: |
Jump to dropped file |
Source: |
Process information set: |
Jump to behavior | ||
Source: |
Process information set: |
Jump to behavior | ||
Source: |
Process information set: |
Jump to behavior |
Malware Analysis System Evasion |
|
---|
Source: |
API/Special instruction interceptor: |
||
Source: |
API/Special instruction interceptor: |
Source: |
RDTSC instruction interceptor: |
||
Source: |
RDTSC instruction interceptor: |
Source: |
Dropped PE file which has not been started: |
Jump to dropped file |
Source: |
Thread sleep time: |
Jump to behavior |
Source: |
Last function: |
Source: |
Code function: |
0_2_00405861 | |
Source: |
Code function: |
0_2_0040639C | |
Source: |
Code function: |
0_2_004026F8 | |
Source: |
Code function: |
12_2_00405861 | |
Source: |
Code function: |
12_2_004026F8 | |
Source: |
Code function: |
12_2_0040639C |
Source: |
File opened: |
Jump to behavior | ||
Source: |
File opened: |
Jump to behavior | ||
Source: |
File opened: |
Jump to behavior | ||
Source: |
File opened: |
Jump to behavior | ||
Source: |
File opened: |
Jump to behavior | ||
Source: |
File opened: |
Jump to behavior |
Source: |
Binary or memory string: |
||
Source: |
Binary or memory string: |
Source: |
API call chain: |
||
Source: |
API call chain: |
Source: |
Process queried: |
Jump to behavior | ||
Source: |
Process queried: |
Jump to behavior |
Source: |
Code function: |
0_2_004023D0 |
Source: |
Code function: |
0_2_10001A5D |
Source: |
Process created: |
Jump to behavior |
Source: |
Code function: |
0_2_0040330D |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
185.29.8.57 | unknown | European Union | 60567 | DATACLUB-SE | false |