guloader | 91462acfc4f35dff999212c39b7af758218247450f2a512af62b96e627a841a3 | Triage

Sharing

General

Target

91462acfc4f35dff999212c39b7af758218247450f2a512af62b96e627a841a3
Size

96KB
Sample

221125-l2ybzach7z
MD5

a9198d67e94337c984183de458a85415
SHA1

da4b4c0e1d1b250feb23195cc8180d6ac9fd458d
SHA256

91462acfc4f35dff999212c39b7af758218247450f2a512af62b96e627a841a3
SHA512

6ec66af0c5216f969721d9d2fe60109b96443267751ac81a9fa7f60ed1c41af936a35b3609051ca5c0a2cfb4321e062ce57989a35e021c06f7238a4945c56944
SSDEEP

768:Lv2l/l9tCL+iyGkNFou/WRmGSaKAEPcsQcO4O8W3BQqY+ifvZ1:r2nR5zO3EM46BQbNv/

Score

10^/10

guloader downloader

Malware Config

Extracted

Family

guloader

C2

https://www.mediafire.com/file/bymrb2gp5bgcoih/gbam_encrypted_5D2CF20.bin/file

Targets

- Target
  
  91462acfc4f35dff999212c39b7af758218247450f2a512af62b96e627a841a3
- Size
  
  96KB
- MD5
  
  a9198d67e94337c984183de458a85415
- SHA1
  
  da4b4c0e1d1b250feb23195cc8180d6ac9fd458d
- SHA256
  
  91462acfc4f35dff999212c39b7af758218247450f2a512af62b96e627a841a3
- SHA512
  
  6ec66af0c5216f969721d9d2fe60109b96443267751ac81a9fa7f60ed1c41af936a35b3609051ca5c0a2cfb4321e062ce57989a35e021c06f7238a4945c56944
- SSDEEP
  
  768:Lv2l/l9tCL+iyGkNFou/WRmGSaKAEPcsQcO4O8W3BQqY+ifvZ1:r2nR5zO3EM46BQbNv/
Score

10^/10

guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdownloader

behavioral2

guloaderdownloader