guloader | 2c585eb6a6b3d165c75312f0676e312fc0b1c9dbfd63ab4a060356669f605c90 | Triage

Submit
Reports

Overview

overview

Static

static

MIL0039084...CE.xls

windows7-x64

MIL0039084...CE.xls

windows10-2004-x64

1

Sharing

General

Target

MIL003908461 DHL INVOICE.xls
Size

1.1MB
Sample

230113-gxx37aad8w
MD5

63e3bfaaa31cc2014010270ecfbc72be
SHA1

7d28d8f975934c9b3f341696916e52c6e773c040
SHA256

2c585eb6a6b3d165c75312f0676e312fc0b1c9dbfd63ab4a060356669f605c90
SHA512

b93522ae4c61e7b20cb97fa76334625429a6cc0e1b7c6531c793b49cb8e0367e5dd65e37ba9877fb0dfb47bc000075a06b01f983e98e0ebc6c152abbfefa2390
SSDEEP

24576:1Zy/er9XXXXXXXDXXXXUXXXXXXXXXXXXXXXX3m9muaa7+3Jlfq03BNH:fooaKsJli

Score

10^/10

guloader downloader

Static task

static1

Behavioral task

behavioral1

Sample

MIL003908461 DHL INVOICE.xls

Resource

win7-20221111-en

guloader downloader

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

MIL003908461 DHL INVOICE.xls

Resource

win10v2004-20220901-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  MIL003908461 DHL INVOICE.xls
- Size
  
  1.1MB
- MD5
  
  63e3bfaaa31cc2014010270ecfbc72be
- SHA1
  
  7d28d8f975934c9b3f341696916e52c6e773c040
- SHA256
  
  2c585eb6a6b3d165c75312f0676e312fc0b1c9dbfd63ab4a060356669f605c90
- SHA512
  
  b93522ae4c61e7b20cb97fa76334625429a6cc0e1b7c6531c793b49cb8e0367e5dd65e37ba9877fb0dfb47bc000075a06b01f983e98e0ebc6c152abbfefa2390
- SSDEEP
  
  24576:1Zy/er9XXXXXXXDXXXXUXXXXXXXXXXXXXXXX3m9muaa7+3Jlfq03BNH:fooaKsJli
Score

10^/10

guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

guloaderdownloader

behavioral2

© 2018-2024

Terms | Privacy