guloader | 534b1acb9b1b2124e044304d0c5f41ff9e2ba1cb11ec10ce5bc17eed43788110 | Triage

Sharing

General

Target

a2b744c7920722a628855ecb4487a5d8-vt-file.7z
Size

27KB
Sample

210416-hhrxbk2ty2
MD5

d1048c2165c8c3bcdb50868e7735c115
SHA1

7f9fd6e8498bd6712ee547789d1fad69e0885375
SHA256

534b1acb9b1b2124e044304d0c5f41ff9e2ba1cb11ec10ce5bc17eed43788110
SHA512

c36683da9fb998dbd7121eec3e3ac0b52c9d1bf37e9e6cd4805b865c3b81493d4952ba2565bc1e0436c315958c617a8f323a5667aa156db86679796dba3974b6

Score

10^/10

guloader downloader guloader

Malware Config

Targets

- Target
  
  a2b744c7920722a628855ecb4487a5d8-vt-file
- Size
  
  100KB
- MD5
  
  a2b744c7920722a628855ecb4487a5d8
- SHA1
  
  cd3cd003b3e1d169fcb297754769ff90f2458bf8
- SHA256
  
  f0495a673447b0fc924bf4181898d85cbcfc3921c41bfe216abd28b6bfff7c00
- SHA512
  
  e45f201838d82a909fb98f9c5d9df14e53ab20f46161344c030853c4fb96b37be39eb479e7cf9c3ad6b86a2e5ef85042b774ef7d6b61df73474a22613e4d9587
Score

10^/10

guloader downloader guloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Guloader Payload
  guloader
- Checks QEMU agent state file
  Checks state file used by QEMU agent, possibly to detect virtualization.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

guloaderdownloaderguloader

behavioral2

guloaderdownloaderguloader