guloader | 3d8a7528674d15019fad9af9aa35b68cb3f40d10714537e795762ad63dc50cb9 | Triage

Sharing

General

Target

3d8a7528674d15019fad9af9aa35b68cb3f40d10714537e795762ad63dc50cb9
Size

123KB
Sample

230127-kcemwsaa45
MD5

eb0ccaa4b2d09b78f4c9e57adb1bd9af
SHA1

269bb16741eff37c35f73d818749ac4a14c172b5
SHA256

3d8a7528674d15019fad9af9aa35b68cb3f40d10714537e795762ad63dc50cb9
SHA512

ba94a4e50ef8864043f0e1dbe3e63dde1d1968987a4731a1ada0e6214bb69b5d741a478c7361a67e69788f621a1aed6f37248553f3af0cfca6681041e64ed359
SSDEEP

3072:WuxVUg3yGDRb8lc7ui5Qq9RfO+KtuqIPDCpAYIbTrPl+aI3:JgORay1k4WuPN+aI3

Score

10^/10

guloader discovery downloader

Malware Config

Targets

- Target
  
  3d8a7528674d15019fad9af9aa35b68cb3f40d10714537e795762ad63dc50cb9
- Size
  
  123KB
- MD5
  
  eb0ccaa4b2d09b78f4c9e57adb1bd9af
- SHA1
  
  269bb16741eff37c35f73d818749ac4a14c172b5
- SHA256
  
  3d8a7528674d15019fad9af9aa35b68cb3f40d10714537e795762ad63dc50cb9
- SHA512
  
  ba94a4e50ef8864043f0e1dbe3e63dde1d1968987a4731a1ada0e6214bb69b5d741a478c7361a67e69788f621a1aed6f37248553f3af0cfca6681041e64ed359
- SSDEEP
  
  3072:WuxVUg3yGDRb8lc7ui5Qq9RfO+KtuqIPDCpAYIbTrPl+aI3:JgORay1k4WuPN+aI3
Score

10^/10

guloader discovery downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2

guloaderdiscoverydownloader