guloader | 680289c529f4d35767c366fee328b3ea12a904d1cce8e429ddc4fa411089472a | Triage

Sharing

General

Target

Jemputan Menyertai Sebutharga 20-01-2022·pdf.exe
Size

188KB
Sample

220120-r1vscaadal
MD5

596a150a802a59ba52e6e6f401af4ef6
SHA1

ac13c6ca1080169e189fb7be26d596440edfa141
SHA256

680289c529f4d35767c366fee328b3ea12a904d1cce8e429ddc4fa411089472a
SHA512

5118519bd6250478a206808fa959abbad3231eaa17416e0fcbadc1b3d6e46b2054a1a4a75caf1a2429d6f35396f37ab075231876859d4b6964d6b100dfac7f46

Score

10^/10

guloader downloader

Malware Config

Targets

- Target
  
  Jemputan Menyertai Sebutharga 20-01-2022·pdf.exe
- Size
  
  188KB
- MD5
  
  596a150a802a59ba52e6e6f401af4ef6
- SHA1
  
  ac13c6ca1080169e189fb7be26d596440edfa141
- SHA256
  
  680289c529f4d35767c366fee328b3ea12a904d1cce8e429ddc4fa411089472a
- SHA512
  
  5118519bd6250478a206808fa959abbad3231eaa17416e0fcbadc1b3d6e46b2054a1a4a75caf1a2429d6f35396f37ab075231876859d4b6964d6b100dfac7f46
Score

10^/10

guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

guloaderdownloader

behavioral2