guloader | b93013f9eeaa89bba201cb7de1a61d35d878f3919bd9cc0148baf9234aed0e3f | Triage

Sharing

General

Target

8193696406.zip
Size

120KB
Sample

221017-t71chscegq
MD5

2253b3be80b1ec98f7207e0cced7ac5e
SHA1

4998d3c5bf921156b0d4e84281cbd108961a8529
SHA256

b93013f9eeaa89bba201cb7de1a61d35d878f3919bd9cc0148baf9234aed0e3f
SHA512

dfd3bd63b321b1ca02b6835723e784c6afc08487f90ba2ca5efed5cdea75264cd7b0d4ac151c4b37a1b427e88aff26a05edb505d68a1f92226e2879ba78f2c6f
SSDEEP

3072:O4KktqzHCnP9MH5P/IMXD6GrURwolmtRFVN:O4Lt7P9MH53IwD6VctRN

Score

10^/10

guloader downloader

Malware Config

Targets

- Target
  
  BBVA-Confirming Liquidaci�n por Factorizaci�n de Cr�ditos.vbs
- Size
  
  224KB
- MD5
  
  e35f3706cb85fd4aee9dac90f8c71969
- SHA1
  
  18abd21c3ee85141d5019accc075c141a048e2c8
- SHA256
  
  63d6c34863ea341dfa7898d28dc6651f7da5386feb3a4e35d456091f2e6c5bbe
- SHA512
  
  da872e9ce33fe4538f7e7b03b1ab00e45e13aff1a2909c64e3ff9fe5d718a459c4359597a8f9558476427461bd0cb749b79c78dfbc0e88738945e734077963a4
- SSDEEP
  
  6144:hKDeku1ATq/cX1JtrzoEp9mLCUSQ3GbpOxEQfic:hKZu1A+0FJOEpkquGM9
Score

10^/10

guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdownloader

behavioral2

guloaderdownloader