guloader | 0def7d73911ecdbf1bc59fbdc411fc5d92d1a597cd554f448db0f0f48cc49159 | Triage

Sharing

General

Target

Bestellung_45825233.vbs
Size

309KB
Sample

221219-z6mb6agb48
MD5

5acd70fd92eec5b204a729ce0db756a3
SHA1

871fc9c775e29b2cbaf6e5b22517b975601e480f
SHA256

0def7d73911ecdbf1bc59fbdc411fc5d92d1a597cd554f448db0f0f48cc49159
SHA512

e0300931878fddaf05763bb33d23bc735a20b9fa46eeb3b463f9b86cd8dc7709e3ce7225bbd59b9463d94cdb5cdee09bcbd3c799b75ba6862ef7d73afc35f746
SSDEEP

6144:oQL4IPbMwKxizpG5NdJmbk/CyqkkjMTKGosDI/xx4oz58Vn7+rv:4CMzuGPSlgZoHJxti7+rv

Score

10^/10

guloader downloader

Malware Config

Targets

- Target
  
  Bestellung_45825233.vbs
- Size
  
  309KB
- MD5
  
  5acd70fd92eec5b204a729ce0db756a3
- SHA1
  
  871fc9c775e29b2cbaf6e5b22517b975601e480f
- SHA256
  
  0def7d73911ecdbf1bc59fbdc411fc5d92d1a597cd554f448db0f0f48cc49159
- SHA512
  
  e0300931878fddaf05763bb33d23bc735a20b9fa46eeb3b463f9b86cd8dc7709e3ce7225bbd59b9463d94cdb5cdee09bcbd3c799b75ba6862ef7d73afc35f746
- SSDEEP
  
  6144:oQL4IPbMwKxizpG5NdJmbk/CyqkkjMTKGosDI/xx4oz58Vn7+rv:4CMzuGPSlgZoHJxti7+rv
Score

10^/10

guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

guloaderdownloader

behavioral2