guloader | 2320a8a1a00b251e588281e68f1c1a1ab03bc750ff787cb698a865c166d56535 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

payment receipt.exe

windows7-x64

payment receipt.exe

windows10-2004-x64

Sharing

General

Target

payment receipt_1.zip
Size

98KB
Sample

220917-vlaemsaag5
MD5

350c670f9748d76fbcac821c9dedfc6d
SHA1

3eea4ec6aefb8f0f7787ceb6e8315270aedb8c74
SHA256

2320a8a1a00b251e588281e68f1c1a1ab03bc750ff787cb698a865c166d56535
SHA512

2be09e01bd9336901c2d211efb4c393fb4d5c88c11eb171c24da885fbc025f611c521b87fb653e9cb89e5522c6a49dbeb8e7b7321ac68e00fc831cbea1544eb1
SSDEEP

3072:jP1Zd2sUGGT3OYlGAf3RqaKMVWRKwoJfZyeDp+ft:T1z2sE3OB2341jc1ZpO

Score

10^/10

guloader downloader

Static task

static1

Behavioral task

behavioral1

Sample

payment receipt.exe

Resource

win7-20220812-en

guloader downloader

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

payment receipt.exe

Resource

win10v2004-20220812-en

guloader downloader

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  payment receipt.exe
- Size
  
  114KB
- MD5
  
  3fcc05a4ba117e0f0b24c35209acd6ae
- SHA1
  
  eeb001753c26710a2c0b235d4fc22f44a8a3661f
- SHA256
  
  fbe01e695b2a6b560da2025bc32a0269b9a4b97417ae6982e99c35cd14352ff9
- SHA512
  
  2c6c1d36b13f3b79b1f64fe4639cab9011bdac33321d7216fdefe381ab942fd02e656668cf3d0c4119617c1e93fbfecdbb80888a762e18cfbb7857b1013032e4
- SSDEEP
  
  3072:STJ4TJdRVDZ6Lt+uQNb2QXt1kWtAf3RqaQMVWRKwoRfZyeDp+8q9:SVGdx6xK2Mtmg2345jcNZpQ
Score

10^/10

guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdownloader

behavioral2

guloaderdownloader

© 2018-2025

Terms | Privacy