guloader | c79daeeb345b091760f3f1ac357454315d5d7b12792a129396b37da6a4bda5cf | Triage

Sharing

General

Target

c79daeeb345b091760f3f1ac357454315d5d7b12792a129396b37da6a4bda5cf
Size

104KB
Sample

230129-vfglrsec85
MD5

5349b5908937badcc7da5a7e533ce5f2
SHA1

a3cccd7025d680f5f2f80180938b4a727af17fe6
SHA256

c79daeeb345b091760f3f1ac357454315d5d7b12792a129396b37da6a4bda5cf
SHA512

a618120c797756e352d6bc2094da0cc7ce5f4e1eeefe7e192774b7c9e0170397e531198fc932e48b9131ab9f677a4614794cb421f667c053e73ca15d6acc97a2
SSDEEP

1536:vX48EADaxqABSEbn/kFxqWyGYE0X48EAD:exqABS+sPqWD

Score

10^/10

guloader downloader

Malware Config

Extracted

Family

guloader

C2

http://mtspsmjeli.sch.id/cl/VK_Remcos%20v2_AxaGIU151.bin

xor.base64

Targets

- Target
  
  c79daeeb345b091760f3f1ac357454315d5d7b12792a129396b37da6a4bda5cf
- Size
  
  104KB
- MD5
  
  5349b5908937badcc7da5a7e533ce5f2
- SHA1
  
  a3cccd7025d680f5f2f80180938b4a727af17fe6
- SHA256
  
  c79daeeb345b091760f3f1ac357454315d5d7b12792a129396b37da6a4bda5cf
- SHA512
  
  a618120c797756e352d6bc2094da0cc7ce5f4e1eeefe7e192774b7c9e0170397e531198fc932e48b9131ab9f677a4614794cb421f667c053e73ca15d6acc97a2
- SSDEEP
  
  1536:vX48EADaxqABSEbn/kFxqWyGYE0X48EAD:exqABS+sPqWD
Score

10^/10

guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdownloader

behavioral2

guloaderdownloader