guloader | cf7188027fdf9e58695083342a2217ab861354ce960b324f4f59cbd350569a6c | Triage

Sharing

General

Target

SecuriteInfo.com.Gen.Variant.Nemesis.10724.2598.22597.exe
Size

449KB
Sample

220913-ngkaqabccq
MD5

27582bde555cc9360d73040fb1bcb3c1
SHA1

12d11e7c8030ac84f2d1467f0f40120737db71d7
SHA256

cf7188027fdf9e58695083342a2217ab861354ce960b324f4f59cbd350569a6c
SHA512

2037a6127c6c66d8b43f3e5e1827ea55ad5e77f3caa47d8428dbd3d0d339d827d5923c4c66c495471ce641b35ebe5789194179cb24e008dbcb68dd36500c8785
SSDEEP

6144:zUj/wo75BKtzLEhmNPrkB+/QRdJWVw6FFXqsKWjI+qHUP9Qgm3sYHwoJbR00m2g0:zqNMEh6Pdfe81MWjsH6QH9QoJdpnh

Score

10^/10

guloader discovery downloader

Malware Config

Targets

- Target
  
  SecuriteInfo.com.Gen.Variant.Nemesis.10724.2598.22597.exe
- Size
  
  449KB
- MD5
  
  27582bde555cc9360d73040fb1bcb3c1
- SHA1
  
  12d11e7c8030ac84f2d1467f0f40120737db71d7
- SHA256
  
  cf7188027fdf9e58695083342a2217ab861354ce960b324f4f59cbd350569a6c
- SHA512
  
  2037a6127c6c66d8b43f3e5e1827ea55ad5e77f3caa47d8428dbd3d0d339d827d5923c4c66c495471ce641b35ebe5789194179cb24e008dbcb68dd36500c8785
- SSDEEP
  
  6144:zUj/wo75BKtzLEhmNPrkB+/QRdJWVw6FFXqsKWjI+qHUP9Qgm3sYHwoJbR00m2g0:zqNMEh6Pdfe81MWjsH6QH9QoJdpnh
Score

10^/10

discovery guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

guloaderdiscoverydownloader