guloader | 5736beeb3bcccf928f1520272f417f37c19758762b14819485c8a1bf6220b817 | Triage

Submit
Reports

Overview

overview

Static

static

SecuriteIn...21.exe

windows7-x64

7

SecuriteIn...21.exe

windows10-2004-x64

Sharing

General

Target

SecuriteInfo.com.Trojan.GenericKD.62655029.2208.13021.exe
Size

536KB
Sample

221010-pbfwsabga2
MD5

0d7c11c2202fff468c4e9f8ed29b682d
SHA1

cd9e6dd5e7c55e9bebf9f184c6826f7548185006
SHA256

5736beeb3bcccf928f1520272f417f37c19758762b14819485c8a1bf6220b817
SHA512

0c6098cd61473090ecc8ec0f8f628149b93febdff7f2e0d553504c2703c420546ffd6abf6c02403a9088856d9e8cac6701ca52c09c94b79629f85b411f6c9e86
SSDEEP

6144:5B+pgUzkmJo/iXl2PfBanor7zs1fP/mz2Po9Row9AckGsePWy:5gLaiXBn87QRmio9CweGsdy

Score

10^/10

guloader discovery downloader

Static task

static1

Behavioral task

behavioral1

Sample

SecuriteInfo.com.Trojan.GenericKD.62655029.2208.13021.exe

Resource

win7-20220812-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

SecuriteInfo.com.Trojan.GenericKD.62655029.2208.13021.exe

Resource

win10v2004-20220812-en

guloader downloader

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  SecuriteInfo.com.Trojan.GenericKD.62655029.2208.13021.exe
- Size
  
  536KB
- MD5
  
  0d7c11c2202fff468c4e9f8ed29b682d
- SHA1
  
  cd9e6dd5e7c55e9bebf9f184c6826f7548185006
- SHA256
  
  5736beeb3bcccf928f1520272f417f37c19758762b14819485c8a1bf6220b817
- SHA512
  
  0c6098cd61473090ecc8ec0f8f628149b93febdff7f2e0d553504c2703c420546ffd6abf6c02403a9088856d9e8cac6701ca52c09c94b79629f85b411f6c9e86
- SSDEEP
  
  6144:5B+pgUzkmJo/iXl2PfBanor7zs1fP/mz2Po9Row9AckGsePWy:5gLaiXBn87QRmio9CweGsdy
Score

10^/10

discovery guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

guloaderdownloader

© 2018-2025

Terms | Privacy