guloader | 50867b76113d37d59ecb36a9704bc4bac648e474853c4052cea1b5fb36f807af | Triage

Sharing

General

Target

50867b76113d37d59ecb36a9704bc4bac648e474853c4052cea1b5fb36f807af
Size

108KB
Sample

210509-4jeqlgj7ws
MD5

c1bbb80a3a9617259a87b1be77215c97
SHA1

1f176833a49f04aff11ed74580b5dfc725cf20bd
SHA256

50867b76113d37d59ecb36a9704bc4bac648e474853c4052cea1b5fb36f807af
SHA512

3046ffd635074341d28924b480d0d62bcaff798f92aaf36ec1980de4e27f93a01494720fece7bbd1e3115c5568b281034a791949f46554003b6ad008f0e60604

Score

10^/10

guloader downloader guloader

Malware Config

Extracted

Family

guloader

C2

https://www.mediafire.com/file/bg09a2z8p0ojruh/origin_dwqUQLYCkO21.bin/file

xor.base64

Targets

- Target
  
  50867b76113d37d59ecb36a9704bc4bac648e474853c4052cea1b5fb36f807af
- Size
  
  108KB
- MD5
  
  c1bbb80a3a9617259a87b1be77215c97
- SHA1
  
  1f176833a49f04aff11ed74580b5dfc725cf20bd
- SHA256
  
  50867b76113d37d59ecb36a9704bc4bac648e474853c4052cea1b5fb36f807af
- SHA512
  
  3046ffd635074341d28924b480d0d62bcaff798f92aaf36ec1980de4e27f93a01494720fece7bbd1e3115c5568b281034a791949f46554003b6ad008f0e60604
Score

10^/10

guloader downloader guloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Guloader Payload
  guloader
- Checks QEMU agent state file
  Checks state file used by QEMU agent, possibly to detect virtualization.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

guloaderdownloaderguloader

behavioral2

guloaderdownloaderguloader