guloader | f38a6a99eb426c7c222b78231ba730b59f4ca324235fe5099b00682e1deefca5 | Triage

Sharing

General

Target

f38a6a99eb426c7c222b78231ba730b59f4ca324235fe5099b00682e1deefca5
Size

18KB
Sample

220121-2tpymabha5
MD5

f120e50f943089358052a4d0d760a47e
SHA1

73d5a2f78375552262382525190ad7b735b5e33d
SHA256

f38a6a99eb426c7c222b78231ba730b59f4ca324235fe5099b00682e1deefca5
SHA512

5c35d3ef2b5d2240def6282d9f3bf0d1704571157dd45f0ded3c7c52cf6956f697d0bc4561dc0ae47cae33870f845b7157c20fc929c291c811cc99a9fafb57a9

Score

10^/10

guloader downloader

Malware Config

Extracted

Family

guloader

C2

https://drive.google.com/uc?export=download&id=1t2kWSyeWJ0Nxuf3Q0XWr6hhlOTDB_4Og

xor.base64

Targets

- Target
  
  Proforma Invoice.exe
- Size
  
  64KB
- MD5
  
  d09f1e15cbc187edc5792c61d8670a09
- SHA1
  
  2b7059a6964b634dd7bb372b5e62c38887b8e93d
- SHA256
  
  3561b08594d47d1c827ef76518197472532bfae0ffb9329711f51dc0ee9bdf2a
- SHA512
  
  f5c4436dc0dc002785d6574614ed2f9d2b3b175f3e14fa546dd131736d2cc263de289dd818940c5a61ca536616b48b69a0245698f2cdef6e5f2a4bc450fdec27
Score

10^/10

guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

guloaderdownloader

behavioral2

guloaderdownloader