guloader | bd94bfcd8a2010ae130ed1b60c575aae925032942d9c4eb2d1a134f2128b161a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Ziraat Bankasi Swift Mesaji.exe
Size

637KB
Sample

220915-jfss9accd2
MD5

a9e06a26cb3a7daf25d15ed9d365305a
SHA1

11cb156a626486c926ddaa3d2dcf908295c62aa9
SHA256

bd94bfcd8a2010ae130ed1b60c575aae925032942d9c4eb2d1a134f2128b161a
SHA512

886767ec6108b8264768eb1134bcb97b3cdc33c3a61df97619724f01c0f18c745f29ed4315bd23395420314521964ea9223a68ac94453360179a5c30527302e5
SSDEEP

12288:/gDX/G7k2F1axoSAtT/ljZhsQTN2sjQycX9PT8npixpM2qe:o/ak2F1aiSAtT/l12g26lOT4oxpMu

Score

10^/10

guloader discovery downloader

Malware Config

Targets

- Target
  
  Ziraat Bankasi Swift Mesaji.exe
- Size
  
  637KB
- MD5
  
  a9e06a26cb3a7daf25d15ed9d365305a
- SHA1
  
  11cb156a626486c926ddaa3d2dcf908295c62aa9
- SHA256
  
  bd94bfcd8a2010ae130ed1b60c575aae925032942d9c4eb2d1a134f2128b161a
- SHA512
  
  886767ec6108b8264768eb1134bcb97b3cdc33c3a61df97619724f01c0f18c745f29ed4315bd23395420314521964ea9223a68ac94453360179a5c30527302e5
- SSDEEP
  
  12288:/gDX/G7k2F1axoSAtT/ljZhsQTN2sjQycX9PT8npixpM2qe:o/ak2F1aiSAtT/l12g26lOT4oxpMu
Score

10^/10

guloader discovery downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2

guloaderdiscoverydownloader