guloader | 1c8142854d0aa4fd944335b36bce7bd73cc1baf10dc56bb96b8fa16fb1327fba | Triage

Sharing

General

Target

Siamangsra.vbs
Size

183KB
Sample

220928-p83f2sfhd8
MD5

a74a8e7d1e1b340a0d04157ffdf55e85
SHA1

547ea2a367217ead30490c240d5703f3b771d08e
SHA256

1c8142854d0aa4fd944335b36bce7bd73cc1baf10dc56bb96b8fa16fb1327fba
SHA512

231f6fe2e4657372b09da22510f3fb6df5eabe8e696e3057a7191b052d7f8a1bc9b443d09e0696aea735a3528d67ab38e8a3eb0440e567a0968b4c089eb23cbf
SSDEEP

3072:Qk4Dj1cPtDc9dTYGAQLt5OGaMVDRnvUOCcSNh57nS/b57H:Qk4DaPa9drAQLixWDRnvUT1ln4b5r

Score

10^/10

guloader downloader

Malware Config

Targets

- Target
  
  Siamangsra.vbs
- Size
  
  183KB
- MD5
  
  a74a8e7d1e1b340a0d04157ffdf55e85
- SHA1
  
  547ea2a367217ead30490c240d5703f3b771d08e
- SHA256
  
  1c8142854d0aa4fd944335b36bce7bd73cc1baf10dc56bb96b8fa16fb1327fba
- SHA512
  
  231f6fe2e4657372b09da22510f3fb6df5eabe8e696e3057a7191b052d7f8a1bc9b443d09e0696aea735a3528d67ab38e8a3eb0440e567a0968b4c089eb23cbf
- SSDEEP
  
  3072:Qk4Dj1cPtDc9dTYGAQLt5OGaMVDRnvUOCcSNh57nS/b57H:Qk4DaPa9drAQLixWDRnvUT1ln4b5r
Score

10^/10

guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

guloaderdownloader