guloader | 2206d1e56d12675b480562b2c482d682de779893c489e558588c7ccafd416489 | Triage

Sharing

General

Target

DRAFT_DOCUMENTS-SCANNED-COPIES-REF-009EUY-73736353-09298253644-2.exe
Size

165KB
Sample

220914-qkqb9aebbm
MD5

cb50c7162392c9452374839604818421
SHA1

457b57ea14f9474ac33642bf7a0a3b092482e77b
SHA256

2206d1e56d12675b480562b2c482d682de779893c489e558588c7ccafd416489
SHA512

ac90d79c60195ed92a333721d3c5dbd9355bd120f71136ccd199e88d2a027e51567511a13cc4ee6738dfb21fcf231b7d188e988dcf5ccfc6e5863df0002040ed
SSDEEP

3072:e/c/d6j3AaTqN9Lohk6CMXb7OqvILu5YiDCMKVQ5C6JlU4AFyv1+3N+PtJuaBfqg:e/c/43AbE9yqvILuDD5C6jPAcNoNgtFv

Score

10^/10

guloader discovery downloader

Malware Config

Targets

- Target
  
  DRAFT_DOCUMENTS-SCANNED-COPIES-REF-009EUY-73736353-09298253644-2.exe
- Size
  
  165KB
- MD5
  
  cb50c7162392c9452374839604818421
- SHA1
  
  457b57ea14f9474ac33642bf7a0a3b092482e77b
- SHA256
  
  2206d1e56d12675b480562b2c482d682de779893c489e558588c7ccafd416489
- SHA512
  
  ac90d79c60195ed92a333721d3c5dbd9355bd120f71136ccd199e88d2a027e51567511a13cc4ee6738dfb21fcf231b7d188e988dcf5ccfc6e5863df0002040ed
- SSDEEP
  
  3072:e/c/d6j3AaTqN9Lohk6CMXb7OqvILu5YiDCMKVQ5C6JlU4AFyv1+3N+PtJuaBfqg:e/c/43AbE9yqvILuDD5C6jPAcNoNgtFv
Score

10^/10

guloader discovery downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2

guloaderdiscoverydownloader