guloader | 1fb0321a0639fae8da0f3417e55cc775e330540865a13419fb8d16e88c88b842 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

SecuriteInfo.com.Win32.Evo-gen.30059.exe
Size

301KB
Sample

220912-jktw4scgd8
MD5

00d41733681fb0abd99b118d1362b3a7
SHA1

944792617390075a657396e0be0fa352f7db51b8
SHA256

1fb0321a0639fae8da0f3417e55cc775e330540865a13419fb8d16e88c88b842
SHA512

fa4d265a2ac819eb50e6042e91beb28677a29aedd79dca7897c8309a3835303c45082818bfafb91cc5a1b1e002c80655451939474489b70e52e0c59f0d4200d2
SSDEEP

6144:hUj/wuIF6ND39ZfgggggggggggggggggggggggnS4TGR+qPPl2E1k:hqngggggggggggggggggggggggpThqFn

Score

10^/10

guloader discovery downloader

Malware Config

Targets

- Target
  
  SecuriteInfo.com.Win32.Evo-gen.30059.exe
- Size
  
  301KB
- MD5
  
  00d41733681fb0abd99b118d1362b3a7
- SHA1
  
  944792617390075a657396e0be0fa352f7db51b8
- SHA256
  
  1fb0321a0639fae8da0f3417e55cc775e330540865a13419fb8d16e88c88b842
- SHA512
  
  fa4d265a2ac819eb50e6042e91beb28677a29aedd79dca7897c8309a3835303c45082818bfafb91cc5a1b1e002c80655451939474489b70e52e0c59f0d4200d2
- SSDEEP
  
  6144:hUj/wuIF6ND39ZfgggggggggggggggggggggggnS4TGR+qPPl2E1k:hqngggggggggggggggggggggggpThqFn
Score

10^/10

guloader discovery downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2