guloader | 4d88b67d2370313735a7b2b172972bf224bce4e742d276249d4f612261036346 | Triage

Sharing

General

Target

4d88b67d2370313735a7b2b172972bf224bce4e742d276249d4f612261036346
Size

108KB
Sample

210505-59mdmp17sn
MD5

b5ab0642f7fc7304d715000e262aa7d5
SHA1

9a622c6d20bcd10f4328405ce844af46a3dbf407
SHA256

4d88b67d2370313735a7b2b172972bf224bce4e742d276249d4f612261036346
SHA512

2d9ee0a318e2a2ebc1f1d8de70d444b87bacfe800f18901f39b855ae292fd9454f47bff5b880d93432530fa19e0997df76d9cd26e3996f3a05e57b050c1550a1

Score

10^/10

guloader downloader guloader

Malware Config

Extracted

Family

guloader

C2

https://onedrive.live.com/download?cid=E61E5F3F655316FA&resid=E61E5F3F655316FA%21136&authkey=ADy1X8G-a-i3n0s

xor.base64

Targets

- Target
  
  4d88b67d2370313735a7b2b172972bf224bce4e742d276249d4f612261036346
- Size
  
  108KB
- MD5
  
  b5ab0642f7fc7304d715000e262aa7d5
- SHA1
  
  9a622c6d20bcd10f4328405ce844af46a3dbf407
- SHA256
  
  4d88b67d2370313735a7b2b172972bf224bce4e742d276249d4f612261036346
- SHA512
  
  2d9ee0a318e2a2ebc1f1d8de70d444b87bacfe800f18901f39b855ae292fd9454f47bff5b880d93432530fa19e0997df76d9cd26e3996f3a05e57b050c1550a1
Score

10^/10

guloader downloader guloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Guloader Payload
  guloader
- Checks QEMU agent state file
  Checks state file used by QEMU agent, possibly to detect virtualization.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

guloaderdownloaderguloader

behavioral2

guloaderdownloaderguloader