guloader | 4a184a5dba434c3111b51a7ebb61be06ca8673c6f01e5ba73b972d1b49748f9a | Triage

Sharing

General

Target

JEIL-INT_PO#963529965-JEIL96002.vbs
Size

309KB
Sample

221220-ll3azscc8s
MD5

617a92eb190683ee6358e54f4cefa934
SHA1

bae170e5e8bbc06c4ad14fa2af1178e9f0792b29
SHA256

4a184a5dba434c3111b51a7ebb61be06ca8673c6f01e5ba73b972d1b49748f9a
SHA512

7fee5e8004b74ba3d2830e1198e7d9326e2de6af3fabc45b77010abf0bbee44326f9e5a845d7edff90326be677b185a94b764001eae34503092ee65cc0f8638b
SSDEEP

6144:Qo+zunMI9l6SnFw7OOeyxa3OE/h63vks0Nqp7xFD7SZtLGA6u:Ql6MID3+7dbxYOWVtqp7nLnu

Score

10^/10

guloader downloader

Malware Config

Targets

- Target
  
  JEIL-INT_PO#963529965-JEIL96002.vbs
- Size
  
  309KB
- MD5
  
  617a92eb190683ee6358e54f4cefa934
- SHA1
  
  bae170e5e8bbc06c4ad14fa2af1178e9f0792b29
- SHA256
  
  4a184a5dba434c3111b51a7ebb61be06ca8673c6f01e5ba73b972d1b49748f9a
- SHA512
  
  7fee5e8004b74ba3d2830e1198e7d9326e2de6af3fabc45b77010abf0bbee44326f9e5a845d7edff90326be677b185a94b764001eae34503092ee65cc0f8638b
- SSDEEP
  
  6144:Qo+zunMI9l6SnFw7OOeyxa3OE/h63vks0Nqp7xFD7SZtLGA6u:Ql6MID3+7dbxYOWVtqp7nLnu
Score

10^/10

guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdownloader

behavioral2

guloaderdownloader