guloader | 12dd0148f02ed0a257b41784311a98b98db4a501f8f94a2b65c5a9bc3cd10451 | Triage

Sharing

General

Target

SOLICITUD DE OFERTA.vbs
Size

181KB
Sample

220926-dhg7msacfr
MD5

06acdf5de8b3b26b96a9147836decc49
SHA1

c7e68cbbe9a5ec40e10a2013512c24e768b0c53a
SHA256

12dd0148f02ed0a257b41784311a98b98db4a501f8f94a2b65c5a9bc3cd10451
SHA512

c7fcd25d4e87eaba6996fa07e400d426a36ca07e4e9e723f3e03bd60c0bffd3ca9bfaf1e2eeae49cf0dff85eca0c19b66b0a1904099515478725343a79315cef
SSDEEP

3072:Fmi1FFbPmgq17iT1Kd5nTuZ6RlZ36CsBFX0FevM8K4Ec5CsW:Fh5rmgqKYn6ZWZ36CsBFXAe3EcwB

Score

10^/10

guloader downloader

Malware Config

Targets

- Target
  
  SOLICITUD DE OFERTA.vbs
- Size
  
  181KB
- MD5
  
  06acdf5de8b3b26b96a9147836decc49
- SHA1
  
  c7e68cbbe9a5ec40e10a2013512c24e768b0c53a
- SHA256
  
  12dd0148f02ed0a257b41784311a98b98db4a501f8f94a2b65c5a9bc3cd10451
- SHA512
  
  c7fcd25d4e87eaba6996fa07e400d426a36ca07e4e9e723f3e03bd60c0bffd3ca9bfaf1e2eeae49cf0dff85eca0c19b66b0a1904099515478725343a79315cef
- SSDEEP
  
  3072:Fmi1FFbPmgq17iT1Kd5nTuZ6RlZ36CsBFX0FevM8K4Ec5CsW:Fh5rmgqKYn6ZWZ36CsBFXAe3EcwB
Score

10^/10

guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdownloader

behavioral2

guloaderdownloader