guloader | 40cdd093ba008a7793e8e75e015b4a1e627391865d3d4f863fe4f3c90f1b8fdc | Triage

Sharing

General

Target

GENERAL MOTORS TECHNICAL CENTER DEC ORDER_pdf.gz
Size

360KB
Sample

221219-vst3mafe57
MD5

bcd6a013594a9398416d510079cd9378
SHA1

e7a06c1672a5b72dc34104eb01f28d361589f27e
SHA256

40cdd093ba008a7793e8e75e015b4a1e627391865d3d4f863fe4f3c90f1b8fdc
SHA512

0087da813108faadc480d6b11a4812eecade66786545463d282347a4c1610c86d720a2f84221a95a7285936e70cf45ac103622f114b2bed2f9b92d46a0a36ee0
SSDEEP

6144:TVzVhABcGqJzgiRZLcvnTOA9EG+ZGgdO/lpCCF58OZHklB6R6pt2fMjPt0DIVSOI:x+qJ0ivgTEG+zdO/t/8sHklB6RSttPtY

Score

10^/10

guloader discovery downloader

Malware Config

Targets

- Target
  
  GENERAL MOTORS TECHNICAL CENTER DEC ORDER_pdf.exe
- Size
  
  504KB
- MD5
  
  129a36dcc6d70013044a17edae59afc7
- SHA1
  
  2e35c48f7cb08a4465fe1e6806abfd4109604954
- SHA256
  
  a3e2e5e8102c7b974d1782bd87f75add6aafced9d91563deff0a56790ba20424
- SHA512
  
  82db999c21e5bf3d8120819c35ae50e36f524c44c5290ff27190422c2a0b422e0ce4d7241d08ea663f71109bb9d1944ce2d5021b539377f29b9ef9eb01293bb4
- SSDEEP
  
  12288:Hclp1paBxEg+9Jq/WLwEzF8wHkrB6RIt7lt0+lJOorl1:HCnanE99wtEzOwWB6K7lt0+Gwl1
Score

10^/10

guloader discovery downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2