guloader | 8c9642da418532900903b537a040794cf8e1600a7375a292a91bf25ad9b099be | Triage

Sharing

General

Target

Picture_Samples.cab
Size

87KB
Sample

220916-rbjc1sfhg3
MD5

b506147a2b77bfc8bb7db95714c3a430
SHA1

87295ba1947a572394fdeb9ffb0bbcc8e4421074
SHA256

8c9642da418532900903b537a040794cf8e1600a7375a292a91bf25ad9b099be
SHA512

5b23c4fd45031ff93845fbe95fb8c04fb9df1a906fad8cb10a7b673c88a4776f5fbca308c865bbd102c375666a375f9c474cd728ffe5dcc625b6f82135acc561
SSDEEP

1536:zaxOzRbwRPY1vWiDdd93rMl4r6mvzzwjN7pheVD4/G6+0Cdv7qPyaw2gRirW:z/zRMPYsiDdd9sVmrzIdph00/Y97qKa6

Score

10^/10

guloader discovery downloader

Malware Config

Targets

- Target
  
  Picture_Samples.com
- Size
  
  104KB
- MD5
  
  ab2d42662c04ee385f73347810c4d9fe
- SHA1
  
  3dc6bd80d7acdc08478ee2591e5eb4987d039ec9
- SHA256
  
  71a2d4cf1f55f1b4ff5934bf84ad52384c00bee908b57143638adde051242bd9
- SHA512
  
  7b55b57f896df671aa3432c929cc96ac7f1a6b59ea4e395f4cf1f90c564bcf29e9ca5be135cdda73d367db10922f02fb3386e591bde4a66c320e56e710c358d8
- SSDEEP
  
  3072:wdxNE+Hb+eyz9zIov6bSY+PlpVSNXIUzIdph00/Y97qKaw2tn8:wW+7+eMYbSYiSyxo8fk
Score

10^/10

guloader discovery downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2

guloaderdownloader