guloader | 2c950f03c05cc4bc0016fef20e6e35c03a5299f97cf46c2748cdfdedcceb3b04 | Triage

Sharing

General

Target

Sample Drawing IMG Purchase Order No.CINVPO20000002344.pdf.r27
Size

565KB
Sample

221215-tykkpscg82
MD5

7926a11fee634234da4d25ef06688fe2
SHA1

5d32c69de76a75f4f91a2f4698bd5cc96f413847
SHA256

2c950f03c05cc4bc0016fef20e6e35c03a5299f97cf46c2748cdfdedcceb3b04
SHA512

c614af7eb4237e2e0af52ba0ad057a493f15b6975eab97ab098e1966c6e873716ee1b427b2107acc53dfadde2beeeed659c2bd6abbbc8e45459c096bbfdcb1d4
SSDEEP

12288:huts7TV4p1chqs8jcfzxf6VKlHe7R1khRAbacklYOVRa2yuyFbg:ke7TV+u55fJ60He7M7cyaptFbg

Score

10^/10

guloader discovery downloader

Malware Config

Targets

- Target
  
  Sample Drawing IMG Purchase Order No. CINVPO20000002344.pdf.exe
- Size
  
  638KB
- MD5
  
  64b2a30bec89e89714b391908fb8ceff
- SHA1
  
  ece05a0ce3cb7b1524e607121525dce53d5ef362
- SHA256
  
  a18ddbcb974723faec3f0bda9244216649786ca41471cc63049999d0408d7009
- SHA512
  
  aa566aee44ef54b562e6bae962595fae352fbeaa8787c0bb60522e3843e99c8e61e0d5144360dcb039c8b35a2b40b497fc02c3e6fdbb79d101befb959c370bfb
- SSDEEP
  
  12288:5ms7kmH3YwbAD4IzsdumUV7/fXnG4Jbt1YuVQ7MCnC+xYXTC+bkqspoD:0swets4Iz6rU/fXXXWuVQAwxeWE1b
Score

10^/10

discovery guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

guloaderdownloader