guloader | d827e104b371b3007b170c02cd72ac018eeac21b99304efb3042ab79928133ad | Triage

Resubmissions

08/09/2022, 10:18

220908-mb1j3sbebq 10

08/09/2022, 10:00

220908-l1nfdaecb4 10

Sharing

Copy URL Twitter E-mail

General

Target

nuovo ordine 0029904850000 29082022.bin
Size

233KB
Sample

220908-l1nfdaecb4
MD5

458443a9de1bf27df419e1bce0501a09
SHA1

f6b4ac9a6426f18ea02ae40dee18c8b1f1d4cf85
SHA256

d827e104b371b3007b170c02cd72ac018eeac21b99304efb3042ab79928133ad
SHA512

c5265eb163936458a63b2c822519c71a6399d724597eeebc8caa8c48908101fa590f2d4c7f2736f3ce2a97ecc923bcda90114739ab0696add9104d27cd365010
SSDEEP

6144:DmOPGD//kQ7OE67/WeInHwOrgVZJ16QvbsjUILNFDyFEqmt:Sr/kG67zmw6gLL6Qv03x+u

Score

10^/10

guloader discovery downloader

Malware Config

Targets

- Target
  
  nuovo ordine 0029904850000 29082022.bin
- Size
  
  233KB
- MD5
  
  458443a9de1bf27df419e1bce0501a09
- SHA1
  
  f6b4ac9a6426f18ea02ae40dee18c8b1f1d4cf85
- SHA256
  
  d827e104b371b3007b170c02cd72ac018eeac21b99304efb3042ab79928133ad
- SHA512
  
  c5265eb163936458a63b2c822519c71a6399d724597eeebc8caa8c48908101fa590f2d4c7f2736f3ce2a97ecc923bcda90114739ab0696add9104d27cd365010
- SSDEEP
  
  6144:DmOPGD//kQ7OE67/WeInHwOrgVZJ16QvbsjUILNFDyFEqmt:Sr/kG67zmw6gLL6Qv03x+u
Score

10^/10

guloader discovery downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2

guloaderdiscoverydownloader