guloader | 279f526bb1ae20608965f03b3509ac9700543aa423e467da898a2004aeb39b4e | Triage

Submit
Reports

Overview

overview

Static

static

AWBTwo shi...BM.rtf

windows7-x64

AWBTwo shi...BM.rtf

windows10-2004-x64

1

Sharing

General

Target

AWBTwo shipment combined=NEW AIR--SJOINT+CMZ for CPKM, ex PVGSRG, QTY8ROLLS64KG0.14CBM.doc
Size

37KB
Sample

221215-sqrtdacf69
MD5

df8bdc4bd98cac7d713244e5006c0a8b
SHA1

ada6f67e071c7827912459cdbf645c1a97e4359b
SHA256

279f526bb1ae20608965f03b3509ac9700543aa423e467da898a2004aeb39b4e
SHA512

1f8e513315054d7f06f84b685f9bc7fccdd8acb4b8c0eee129de509ac4cd1edb4193f82746f6d3ace958ed569336094b713ba85c6e21918ca9458f49de1ddcba
SSDEEP

768:2Fx0XaIsnPRIa4fwJMRFx0XaIsnPRIa4fwJMK1JIyV1pMqT:2f0Xvx3EMRf0Xvx3EMK/jYe

Score

10^/10

guloader downloader

Static task

static1

Behavioral task

behavioral1

Sample

AWBTwo shipment combined=NEW AIR--SJOINT+CMZ for CPKM, ex PVGSRG, QTY8ROLLS64KG0.14CBM.rtf

Resource

win7-20220901-en

guloader downloader

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

AWBTwo shipment combined=NEW AIR--SJOINT+CMZ for CPKM, ex PVGSRG, QTY8ROLLS64KG0.14CBM.rtf

Resource

win10v2004-20220812-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  AWBTwo shipment combined=NEW AIR--SJOINT+CMZ for CPKM, ex PVGSRG, QTY8ROLLS64KG0.14CBM.doc
- Size
  
  37KB
- MD5
  
  df8bdc4bd98cac7d713244e5006c0a8b
- SHA1
  
  ada6f67e071c7827912459cdbf645c1a97e4359b
- SHA256
  
  279f526bb1ae20608965f03b3509ac9700543aa423e467da898a2004aeb39b4e
- SHA512
  
  1f8e513315054d7f06f84b685f9bc7fccdd8acb4b8c0eee129de509ac4cd1edb4193f82746f6d3ace958ed569336094b713ba85c6e21918ca9458f49de1ddcba
- SSDEEP
  
  768:2Fx0XaIsnPRIa4fwJMRFx0XaIsnPRIa4fwJMK1JIyV1pMqT:2f0Xvx3EMRf0Xvx3EMK/jYe
Score

10^/10

guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdownloader

behavioral2

© 2018-2024

Terms | Privacy