guloader | ace2708a36fc8a360c22c2fe5ab8a9f54b142bc2fb719b021063a7068847ed37 | Triage

Submit
Reports

Overview

overview

Static

static

2023-15-New Order.xls

windows7-x64

2023-15-New Order.xls

windows10-2004-x64

1

Sharing

General

Target

2023-15-New Order.xls
Size

1.3MB
Sample

230116-tzsygahg87
MD5

eaf38d5a0ede9ff90f43092b8d6fa438
SHA1

3974b0262d8955cc30af49a70dc244c3b737c005
SHA256

ace2708a36fc8a360c22c2fe5ab8a9f54b142bc2fb719b021063a7068847ed37
SHA512

9a04d13c0f8a45428c06afd96bc5e979a796b0178f25e2be32e8d2a87172d925df42ac65777e33294f423a791ca79c78f7934a6d41de44546758311efb44c9ab
SSDEEP

24576:SZyHSmo4mxpfg4mzaipu5HdEdkbiyGvSRBXXXXXXXXXXXXUXXXXXXXXXXXXXXXXw:cBdmWuFkPSzXHAPb

Score

10^/10

guloader downloader

Static task

static1

Behavioral task

behavioral1

Sample

2023-15-New Order.xls

Resource

win7-20220812-en

guloader downloader

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

2023-15-New Order.xls

Resource

win10v2004-20221111-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  2023-15-New Order.xls
- Size
  
  1.3MB
- MD5
  
  eaf38d5a0ede9ff90f43092b8d6fa438
- SHA1
  
  3974b0262d8955cc30af49a70dc244c3b737c005
- SHA256
  
  ace2708a36fc8a360c22c2fe5ab8a9f54b142bc2fb719b021063a7068847ed37
- SHA512
  
  9a04d13c0f8a45428c06afd96bc5e979a796b0178f25e2be32e8d2a87172d925df42ac65777e33294f423a791ca79c78f7934a6d41de44546758311efb44c9ab
- SSDEEP
  
  24576:SZyHSmo4mxpfg4mzaipu5HdEdkbiyGvSRBXXXXXXXXXXXXUXXXXXXXXXXXXXXXXw:cBdmWuFkPSzXHAPb
Score

10^/10

guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

guloaderdownloader

behavioral2

© 2018-2024

Terms | Privacy