guloader | 7c54b7d54c409f3eee45a1ed7e7eee5da5c0577c2fcf974defa989d75a9ef9aa | Triage

Submit
Reports

Overview

overview

Static

static

VAN DE WER...pg.exe

windows7-x64

VAN DE WER...pg.exe

windows10-2004-x64

Sharing

General

Target

VAN DE WERT - po240975_jpg.exe
Size

445KB
Sample

221222-rneklahg3v
MD5

e5fdfc2e819712600c1cf79d4f274022
SHA1

bc947ca0dc25f1ba54ccbe5a14d84f53f22feb9d
SHA256

7c54b7d54c409f3eee45a1ed7e7eee5da5c0577c2fcf974defa989d75a9ef9aa
SHA512

aec8f7481909206169cc7f51b6fb7747e214f237db71ba7ec523a495256179412a17eab91346e9d04b6c622743a4b7693b5bc64a6c3e0ece9f9b4b63c47ddf21
SSDEEP

12288:SzgOyj6Yd/6W48bLL+NVkOb/wZKpYgIgfC:jOyvd/zLLAVkObosW

Score

10^/10

guloader downloader

Static task

static1

Behavioral task

behavioral1

Sample

VAN DE WERT - po240975_jpg.exe

Resource

win7-20221111-en

guloader downloader

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

VAN DE WERT - po240975_jpg.exe

Resource

win10v2004-20220812-en

guloader downloader

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  VAN DE WERT - po240975_jpg.exe
- Size
  
  445KB
- MD5
  
  e5fdfc2e819712600c1cf79d4f274022
- SHA1
  
  bc947ca0dc25f1ba54ccbe5a14d84f53f22feb9d
- SHA256
  
  7c54b7d54c409f3eee45a1ed7e7eee5da5c0577c2fcf974defa989d75a9ef9aa
- SHA512
  
  aec8f7481909206169cc7f51b6fb7747e214f237db71ba7ec523a495256179412a17eab91346e9d04b6c622743a4b7693b5bc64a6c3e0ece9f9b4b63c47ddf21
- SSDEEP
  
  12288:SzgOyj6Yd/6W48bLL+NVkOb/wZKpYgIgfC:jOyvd/zLLAVkObosW
Score

10^/10

guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

guloaderdownloader

behavioral2

guloaderdownloader

© 2018-2024

Terms | Privacy