guloader | e689963b4319dd5d5249ac1c629af5951f4e90db8040bf7ee33492e54c2c6487 | Triage

Submit
Reports

Overview

overview

Static

static

1

DOCUMENT839$#789.exe

windows7-x64

DOCUMENT839$#789.exe

windows10-2004-x64

Sharing

General

Target

DOCUMENT839$#789.exe
Size

280KB
Sample

230127-hn73gaab3v
MD5

eeab2b63b0cf6d658e8c2ce3d675d0a4
SHA1

8dc3099040d3ebfb5a3ff70f47113ccd35056ea1
SHA256

e689963b4319dd5d5249ac1c629af5951f4e90db8040bf7ee33492e54c2c6487
SHA512

6afc37686b93501ee95537ff23ba505aefcdbff04218716e97258044918e95eebc57c3c4e09677a455fd02a574c8d90abea11b952e1f68b14466dcce6221f250
SSDEEP

6144:ThRZveJuZhAg4T2OSCgTSB5RulTjbuUGRRrZxwq7hcpv9gQ6zvyG:92JuZhP/pkaTjbuRrT7hcplgQ0

Score

10^/10

guloader discovery downloader

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

DOCUMENT839$#789.exe

Resource

win7-20220901-en

guloader discovery downloader

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

DOCUMENT839$#789.exe

Resource

win10v2004-20221111-en

guloader discovery downloader

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  DOCUMENT839$#789.exe
- Size
  
  280KB
- MD5
  
  eeab2b63b0cf6d658e8c2ce3d675d0a4
- SHA1
  
  8dc3099040d3ebfb5a3ff70f47113ccd35056ea1
- SHA256
  
  e689963b4319dd5d5249ac1c629af5951f4e90db8040bf7ee33492e54c2c6487
- SHA512
  
  6afc37686b93501ee95537ff23ba505aefcdbff04218716e97258044918e95eebc57c3c4e09677a455fd02a574c8d90abea11b952e1f68b14466dcce6221f250
- SSDEEP
  
  6144:ThRZveJuZhAg4T2OSCgTSB5RulTjbuUGRRrZxwq7hcpv9gQ6zvyG:92JuZhP/pkaTjbuRrT7hcplgQ0
Score

10^/10

guloader discovery downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2

guloaderdiscoverydownloader

© 2018-2024

Terms | Privacy