guloader | c4e0600859fa61d7dc76ba1e1792807597c742790ad11523e5f5c3645e3141ed | Triage

Sharing

Copy URL Twitter E-mail

General

Target

sample.zip
Size

81KB
Sample

221006-efejeagcd3
MD5

afd02220499e64781317ef63a629505c
SHA1

717edd2588c4ccdb66258a49779b327ff8d2c9f2
SHA256

c4e0600859fa61d7dc76ba1e1792807597c742790ad11523e5f5c3645e3141ed
SHA512

c1d9378772f6f361215fd3101027ea48cec8e7e6660a9ffee87c563b945f098cc9d48f8360f783d271da591988767ec07a5e8944a0d663afa691cf003659b54e
SSDEEP

1536:pR8LlTaHMzGiNERV0889IPGj+0nyQWjHBxcSvUTecl9Rfd1nKhSlVKhS97g:pR8Lc8GV082IPGjc1HJvUN/P1KAHc

Score

10^/10

guloader downloader

Malware Config

Targets

- Target
  
  68ed75834368d8bce7fc8d6e85b61727cdb0af1d2446ad3f58f0d5de482bfd26.vbs
- Size
  
  257KB
- MD5
  
  db5901493340a9ac0de7179ba4f3aada
- SHA1
  
  329b62f2a0c30f4dd49cba17f26d9d885ad31651
- SHA256
  
  68ed75834368d8bce7fc8d6e85b61727cdb0af1d2446ad3f58f0d5de482bfd26
- SHA512
  
  ba86f33318c4be7e04d2a7c5cf7150a60cc47aad92e74e9deab51c6341f06cd9c5c94bf550bcabf3d45ef144eadb9e9b3bd2d0caf3261de93fbb2c9f019727ee
- SSDEEP
  
  3072:5PJSdfVKLsi4uYE3I0Gz71h+ZLmJFnnmi4afgmmbYrVf:RSKLsspOdASnEafhmbYrVf
Score

10^/10

guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdownloader

behavioral2