guloader | e31491adc277479a5abe231267f6ba030a37539cbde0b43b496a7ac2080728d3

General

Target

e31491adc277479a5abe231267f6ba030a37539cbde0b43b496a7ac2080728d3
Size

48KB
Sample

220131-17d8lsdcc7
MD5

df6e0bc9e9a9871821374d9bb1e12542
SHA1

d9acd005d61c287660cf9a9b4effdde78e01bece
SHA256

e31491adc277479a5abe231267f6ba030a37539cbde0b43b496a7ac2080728d3
SHA512

4c00f4dbd24bfe52b4207f4c6d82a3af8e0f85cd07d83befcf45c6a4edf787077693efe010e92320dd1dd2f0654ea738efd291455e9cbec7f8b05563733b8b39

Score

10^/10

Malware Config

Extracted

Family

guloader

C2

https://fmglogistics-my.sharepoint.com/:u:/g/personal/cfs-hph_fmgloballogistics_com/EX30cSO-FxVEvmgm8O7XHL4ByKe15ghVU829DmSIWng6Jg?e=BFRtSN&download=1

xor.base64

Targets

- Target
  
  e31491adc277479a5abe231267f6ba030a37539cbde0b43b496a7ac2080728d3
- Size
  
  48KB
- MD5
  
  df6e0bc9e9a9871821374d9bb1e12542
- SHA1
  
  d9acd005d61c287660cf9a9b4effdde78e01bece
- SHA256
  
  e31491adc277479a5abe231267f6ba030a37539cbde0b43b496a7ac2080728d3
- SHA512
  
  4c00f4dbd24bfe52b4207f4c6d82a3af8e0f85cd07d83befcf45c6a4edf787077693efe010e92320dd1dd2f0654ea738efd291455e9cbec7f8b05563733b8b39
Score

10^/10

guloader downloader persistence
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Guloader,Cloudeye

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2