guloader | 5c40de04e12f0037da4fe06a6b95f56ed472b342566d25736f4b671ef5462b65 | Triage

Sharing

General

Target

Shipment Document BL,INV and packing list.jpg.ace
Size

71KB
Sample

210915-hxnp7adbar
MD5

da6877ef1c87bc4935317ad9aec310c7
SHA1

58168ab3a37b6e90a1e655cfc83fa1eb10f7bae2
SHA256

5c40de04e12f0037da4fe06a6b95f56ed472b342566d25736f4b671ef5462b65
SHA512

5edbf1cc4444e445e2bbef116e89c838a2ac6655d547a9c890195a994ab84c7a2cabcd6aeb6712b18b94beff81d49fe4ff3f559503499e4c622e6a9ada508489

Score

10^/10

guloader downloader

Malware Config

Targets

- Target
  
  Shipment Document BL,INV and packing list.jpg.exe
- Size
  
  128KB
- MD5
  
  df2413a552334b77e540bb8c69bf9763
- SHA1
  
  453f88a44b3966a97fc4005a0b6edf894cdc8d41
- SHA256
  
  434e6827ed58ffd66a28619822626816559605a4e5d7c7cfe8770d3af043527d
- SHA512
  
  de9fdb8b874bc68820be7cd0421d23265fc8127b4ed274461f48fcdb9efd3b374a4900b8b6ed6e741ca1e965d9093f6a8b05dbed3989a6ac26c985cded212f9d
Score

10^/10

guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

guloaderdownloader

behavioral2

guloaderdownloader