guloader | 65514d1bcd58f206fbc6339c7893a4dc5fb3e7de39177038eac73906ec5c622c | Triage

Submit
Reports

Overview

overview

Static

static

LIST OF IT...t.xlsx

windows7_x64

LIST OF IT...t.xlsx

windows10_x64

1

Sharing

General

Target

LIST OF ITEMS 2021 project.xlsx
Size

590KB
Sample

210915-gs66asdacm
MD5

4a1d13469a6c817242e8b567bf34ab9a
SHA1

a0d54f6c1205defad5f31cadf3393880e7c4c862
SHA256

65514d1bcd58f206fbc6339c7893a4dc5fb3e7de39177038eac73906ec5c622c
SHA512

a89649b90fe5900f3a014d84cee247df5ee514066bc2b58b968eea203d5290db6964aa5e6f5169cd4830121b0044c620c55db1089bb6c73c1af18f7a82729bf8

Score

10^/10

guloader downloader suricata

Static task

static1

Behavioral task

behavioral1

Sample

LIST OF ITEMS 2021 project.xlsx

Resource

win7v20210408

guloader downloader suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

LIST OF ITEMS 2021 project.xlsx

Resource

win10-en

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  LIST OF ITEMS 2021 project.xlsx
- Size
  
  590KB
- MD5
  
  4a1d13469a6c817242e8b567bf34ab9a
- SHA1
  
  a0d54f6c1205defad5f31cadf3393880e7c4c862
- SHA256
  
  65514d1bcd58f206fbc6339c7893a4dc5fb3e7de39177038eac73906ec5c622c
- SHA512
  
  a89649b90fe5900f3a014d84cee247df5ee514066bc2b58b968eea203d5290db6964aa5e6f5169cd4830121b0044c620c55db1089bb6c73c1af18f7a82729bf8
Score

10^/10

guloader downloader suricata
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

guloaderdownloadersuricata

behavioral2

© 2018-2024

Terms | Privacy