guloader | 208509abebdfd82a5382c20e7dd21d9cf209737554c894325f0634a942b5c48e | Triage

Submit
Reports

Overview

overview

Static

static

208509abeb...8e.exe

windows7-x64

208509abeb...8e.exe

windows10-2004-x64

Sharing

General

Target

208509abebdfd82a5382c20e7dd21d9cf209737554c894325f0634a942b5c48e
Size

80KB
Sample

220725-e6a9nsehgr
MD5

c993db0156b0741167b10cc7b8005b46
SHA1

8e579a71c9a5da8f3b80c26bf8e02809b1cb6453
SHA256

208509abebdfd82a5382c20e7dd21d9cf209737554c894325f0634a942b5c48e
SHA512

9544d88cb19ee73794f3c42ffa9bd7a93a2b0d004eeed65c98e2772ad4ebf4dbab03963e8110d96aeb8469da12d6576bdaf8d4a397a798bf6742d2478f8d773b

Score

10^/10

guloader downloader guloader persistence

Static task

static1

Behavioral task

behavioral1

Sample

208509abebdfd82a5382c20e7dd21d9cf209737554c894325f0634a942b5c48e.exe

Resource

win7-20220715-en

guloader downloader guloader persistence

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

208509abebdfd82a5382c20e7dd21d9cf209737554c894325f0634a942b5c48e.exe

Resource

win10v2004-20220721-en

guloader downloader guloader persistence

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

guloader

C2

https://share.dmca.gripe/tV0BSXiF0O6AY1Gn.bin

xor.base64

Targets

- Target
  
  208509abebdfd82a5382c20e7dd21d9cf209737554c894325f0634a942b5c48e
- Size
  
  80KB
- MD5
  
  c993db0156b0741167b10cc7b8005b46
- SHA1
  
  8e579a71c9a5da8f3b80c26bf8e02809b1cb6453
- SHA256
  
  208509abebdfd82a5382c20e7dd21d9cf209737554c894325f0634a942b5c48e
- SHA512
  
  9544d88cb19ee73794f3c42ffa9bd7a93a2b0d004eeed65c98e2772ad4ebf4dbab03963e8110d96aeb8469da12d6576bdaf8d4a397a798bf6742d2478f8d773b
Score

10^/10

guloader downloader guloader persistence
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Guloader payload
  guloader
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

guloaderdownloaderguloaderpersistence

behavioral2

guloaderdownloaderguloaderpersistence

© 2018-2024

Terms | Privacy