guloader | 2c4da3f767b9bf2588fa2441d52346380042a4d176d15e6097cb08e26ed05f7e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ORDEN DE COMPRA GMBH FO 16620 REV2.vbs
Size

183KB
Sample

220928-qpz29ahahn
MD5

bf9cf3a28e3488ba8d966caaff566fbb
SHA1

7aa40c3fdbecce903b8c4616927684650a868265
SHA256

2c4da3f767b9bf2588fa2441d52346380042a4d176d15e6097cb08e26ed05f7e
SHA512

ea437620351a04e74922ac749b3e9ff31b0718dd7d37fc5b3ccadf030d387761abe500b8cc782194b2761e98c05698e1b0db47f9624b7a5c3cd5c23d25229479
SSDEEP

3072:7uiGXI1mhwLLRm+OlbOigIUUOasSNh5nnS/bEBr:74X6m8L8lbxgIUUTFJn4bEN

Score

10^/10

guloader downloader

Malware Config

Targets

- Target
  
  ORDEN DE COMPRA GMBH FO 16620 REV2.vbs
- Size
  
  183KB
- MD5
  
  bf9cf3a28e3488ba8d966caaff566fbb
- SHA1
  
  7aa40c3fdbecce903b8c4616927684650a868265
- SHA256
  
  2c4da3f767b9bf2588fa2441d52346380042a4d176d15e6097cb08e26ed05f7e
- SHA512
  
  ea437620351a04e74922ac749b3e9ff31b0718dd7d37fc5b3ccadf030d387761abe500b8cc782194b2761e98c05698e1b0db47f9624b7a5c3cd5c23d25229479
- SSDEEP
  
  3072:7uiGXI1mhwLLRm+OlbOigIUUOasSNh5nnS/bEBr:74X6m8L8lbxgIUUTFJn4bEN
Score

10^/10

guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdownloader

behavioral2

guloaderdownloader