guloader | 1c27f57ddb7c5ccbf08702936e1c53d064e6eb2083ed5fd95b210443a6d7ecbe | Triage

Sharing

General

Target

1c27f57ddb7c5ccbf08702936e1c53d064e6eb2083ed5fd95b210443a6d7ecbe
Size

80KB
Sample

220201-jyedksbcal
MD5

950483bcaff55045d695761e386cb514
SHA1

9a4cf1caf2bd6082883c24f6e4d6b98fffed71f0
SHA256

1c27f57ddb7c5ccbf08702936e1c53d064e6eb2083ed5fd95b210443a6d7ecbe
SHA512

90f8aed09c42fad97194bd1c4b787af72cae287e35516635ff4cfb92072340dd970d3e67182d8d5ab8662d6aa2b2cfc4b756aa17f04ba79b477c72ab56026900

Score

10^/10

guloader downloader guloader persistence

Malware Config

Extracted

Family

guloader

C2

https://drive.google.com/uc?export=download&id=1UnZE1_XDcad5DW8fsVFD8K1ZYDla2tyn

xor.base64

Targets

- Target
  
  1c27f57ddb7c5ccbf08702936e1c53d064e6eb2083ed5fd95b210443a6d7ecbe
- Size
  
  80KB
- MD5
  
  950483bcaff55045d695761e386cb514
- SHA1
  
  9a4cf1caf2bd6082883c24f6e4d6b98fffed71f0
- SHA256
  
  1c27f57ddb7c5ccbf08702936e1c53d064e6eb2083ed5fd95b210443a6d7ecbe
- SHA512
  
  90f8aed09c42fad97194bd1c4b787af72cae287e35516635ff4cfb92072340dd970d3e67182d8d5ab8662d6aa2b2cfc4b756aa17f04ba79b477c72ab56026900
Score

10^/10

guloader downloader guloader persistence
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Guloader Payload
  guloader
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

guloaderdownloaderguloaderpersistence

behavioral2