guloader | 49ac5f8e93405000797da63ae1940247ba0d142d901b10709fadbd73f1c9e613 | Triage

Sharing

General

Target

PO753285-R962R.vbs
Size

312KB
Sample

221219-p3txqafa48
MD5

e78e16bb9ca9f241fa120eea2fab0835
SHA1

7ed629a2188c522cec23b01ca51724cfef06161e
SHA256

49ac5f8e93405000797da63ae1940247ba0d142d901b10709fadbd73f1c9e613
SHA512

c60007f35d1f0103b91bf77088c04594102fe6467d0b852353a32219e43f7a53c7db02c7d163158089c536c7da5fdf31b8c5fb7367f71f9878eb32815c3ff7a2
SSDEEP

6144:BRwW1rIERcrf7hHMvgNfmkDQYG6uDSqpaxtD+6t5t53GX:BRLrI8cT7hHMvCOkD9GMqpa/6X

Score

10^/10

guloader downloader

Malware Config

Targets

- Target
  
  PO753285-R962R.vbs
- Size
  
  312KB
- MD5
  
  e78e16bb9ca9f241fa120eea2fab0835
- SHA1
  
  7ed629a2188c522cec23b01ca51724cfef06161e
- SHA256
  
  49ac5f8e93405000797da63ae1940247ba0d142d901b10709fadbd73f1c9e613
- SHA512
  
  c60007f35d1f0103b91bf77088c04594102fe6467d0b852353a32219e43f7a53c7db02c7d163158089c536c7da5fdf31b8c5fb7367f71f9878eb32815c3ff7a2
- SSDEEP
  
  6144:BRwW1rIERcrf7hHMvgNfmkDQYG6uDSqpaxtD+6t5t53GX:BRLrI8cT7hHMvCOkD9GMqpa/6X
Score

10^/10

guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

guloaderdownloader