guloader | bfa5dba46db1253587058b0392c04c8403846fa55d7dcf1044e94e6a654d4715 | Triage

Submit
Reports

Overview

overview

Static

static

Startsym1.exe

windows7-x64

Startsym1.exe

windows10-2004-x64

Sharing

General

Target

Startsym1.exe
Size

48KB
Sample

221025-vgt89adcdp
MD5

1ae080b109bc5ab7cfd42e5d02b12437
SHA1

0e48b88e2a79cc437bfd4934064e2779da9940b8
SHA256

bfa5dba46db1253587058b0392c04c8403846fa55d7dcf1044e94e6a654d4715
SHA512

61f080e620572e4f131c8a931aef775be6c384ae4ff1f843dba30c0f5a399e95e0c23279f8c87cf5da152bda23593133aac030fdc886db29ce9021f77bd3c75a
SSDEEP

384:zqHMmP96PzXflkuAL0OzZOxcejrjTxEABlayQo2HJT4C5+N0ps9o7lBE6:zqHMml8vlkuALR4abfHSCRSMlO

Score

10^/10

guloader downloader guloader

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Startsym1.exe

Resource

win7-20220812-en

guloader downloader guloader

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

Startsym1.exe

Resource

win10v2004-20220812-en

guloader downloader guloader

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

guloader

C2

https://drive.google.com/uc?export=download&id=1THD-itP7iOm05w_6SQSb-C3tgd3cLMzO

xor.base64

Targets

- Target
  
  Startsym1.exe
- Size
  
  48KB
- MD5
  
  1ae080b109bc5ab7cfd42e5d02b12437
- SHA1
  
  0e48b88e2a79cc437bfd4934064e2779da9940b8
- SHA256
  
  bfa5dba46db1253587058b0392c04c8403846fa55d7dcf1044e94e6a654d4715
- SHA512
  
  61f080e620572e4f131c8a931aef775be6c384ae4ff1f843dba30c0f5a399e95e0c23279f8c87cf5da152bda23593133aac030fdc886db29ce9021f77bd3c75a
- SSDEEP
  
  384:zqHMmP96PzXflkuAL0OzZOxcejrjTxEABlayQo2HJT4C5+N0ps9o7lBE6:zqHMml8vlkuALR4abfHSCRSMlO
Score

10^/10

guloader downloader guloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Guloader payload
  guloader
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

guloaderdownloaderguloader

behavioral2

guloaderdownloaderguloader

© 2018-2024

Terms | Privacy