guloader | 2fe5d3d7cbc13f03b9a0f9003a398849ab0eb853b803fbc62b9daa680476eec1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2fe5d3d7cbc13f03b9a0f9003a398849ab0eb853b803fbc62b9daa680476eec1
Size

123KB
Sample

221012-tez62sadf9
MD5

8210e0cabbd4e79a621b30cfca2106db
SHA1

592bd87ad32e2bf6f0a4d85d08002a9d2513c062
SHA256

2fe5d3d7cbc13f03b9a0f9003a398849ab0eb853b803fbc62b9daa680476eec1
SHA512

42829a1172ca142cacd0dce5c04db73e9e23568dad643f95d42212048275923e16993391b97c7d64c94b0d4c00c01932f3555b32e6dca1c819e9f4164d8f6781
SSDEEP

3072:WuxVUg3yGDRb8lc7uO1AejubkEfDH4u3s3MXIbykqb:JgORafejuxfT4u16ub

Score

10^/10

guloader discovery downloader

Malware Config

Targets

- Target
  
  2fe5d3d7cbc13f03b9a0f9003a398849ab0eb853b803fbc62b9daa680476eec1
- Size
  
  123KB
- MD5
  
  8210e0cabbd4e79a621b30cfca2106db
- SHA1
  
  592bd87ad32e2bf6f0a4d85d08002a9d2513c062
- SHA256
  
  2fe5d3d7cbc13f03b9a0f9003a398849ab0eb853b803fbc62b9daa680476eec1
- SHA512
  
  42829a1172ca142cacd0dce5c04db73e9e23568dad643f95d42212048275923e16993391b97c7d64c94b0d4c00c01932f3555b32e6dca1c819e9f4164d8f6781
- SSDEEP
  
  3072:WuxVUg3yGDRb8lc7uO1AejubkEfDH4u3s3MXIbykqb:JgORafejuxfT4u16ub
Score

10^/10

guloader discovery downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2

guloaderdiscoverydownloader