guloader | 0844f872ff9ebbd8e7c8413bfd7e3781e01b58fa19728dcec60df37cb1e13a3b | Triage

Submit
Reports

Overview

overview

Static

static

customer00...36.vbs

windows7_x64

Sharing

General

Target

customer0010015536.vbs
Size

975KB
Sample

220310-gbrpaaeca2
MD5

bb43fca72e38304fb261a11e42f5ead7
SHA1

1162a94026bf4962c9029107a704d13b3cb6107d
SHA256

0844f872ff9ebbd8e7c8413bfd7e3781e01b58fa19728dcec60df37cb1e13a3b
SHA512

1c413d585a705cd1015b82c8e6bbe767d9109707ff28a76a3ddc2ea94f16b9f0bc4feea383574c848c1455a1e7d7fcf3acfb4741f8042dd0d7cda6883f287d5a

Score

10^/10

guloader downloader

Static task

static1

Behavioral task

behavioral1

Sample

customer0010015536.vbs

Resource

win7-20220223-en

guloader downloader

windows7_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  customer0010015536.vbs
- Size
  
  975KB
- MD5
  
  bb43fca72e38304fb261a11e42f5ead7
- SHA1
  
  1162a94026bf4962c9029107a704d13b3cb6107d
- SHA256
  
  0844f872ff9ebbd8e7c8413bfd7e3781e01b58fa19728dcec60df37cb1e13a3b
- SHA512
  
  1c413d585a705cd1015b82c8e6bbe767d9109707ff28a76a3ddc2ea94f16b9f0bc4feea383574c848c1455a1e7d7fcf3acfb4741f8042dd0d7cda6883f287d5a
Score

10^/10

guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

guloaderdownloader

© 2018-2024

Terms | Privacy