guloader | 11ea8640caec973b1823c96000bd50a2c604317888111273f7e93a37412fa2a9 | Triage

Submit
Reports

Overview

overview

Static

static

BookingDet...76.exe

windows7-x64

BookingDet...76.exe

windows10-2004-x64

Sharing

General

Target

BookingDetails77#6276.exe
Size

575KB
Sample

230130-j42q3ahf87
MD5

21bf08d7ebefc5793425948710c808c5
SHA1

7979095366362b5e07a1845e29d5989245dc5f6b
SHA256

11ea8640caec973b1823c96000bd50a2c604317888111273f7e93a37412fa2a9
SHA512

43f0a55c39ffb09e6b994673817fb57935c17a6e3a8c5b10f089403da58616ad92f1e8aa842e73ce6299c4fdec4eab2d3c702180f8c97ed11bed80480be5ca7e
SSDEEP

12288:b7EWNDJccwIWYh7jBw383vKmgKuICqwfmcNjRtBnMAr82:MUlyYtjDKmgmChOsNfC2

Score

10^/10

guloader discovery downloader

Static task

static1

Behavioral task

behavioral1

Sample

BookingDetails77#6276.exe

Resource

win7-20220812-en

guloader discovery downloader

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

BookingDetails77#6276.exe

Resource

win10v2004-20221111-en

guloader discovery downloader

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  BookingDetails77#6276.exe
- Size
  
  575KB
- MD5
  
  21bf08d7ebefc5793425948710c808c5
- SHA1
  
  7979095366362b5e07a1845e29d5989245dc5f6b
- SHA256
  
  11ea8640caec973b1823c96000bd50a2c604317888111273f7e93a37412fa2a9
- SHA512
  
  43f0a55c39ffb09e6b994673817fb57935c17a6e3a8c5b10f089403da58616ad92f1e8aa842e73ce6299c4fdec4eab2d3c702180f8c97ed11bed80480be5ca7e
- SSDEEP
  
  12288:b7EWNDJccwIWYh7jBw383vKmgKuICqwfmcNjRtBnMAr82:MUlyYtjDKmgmChOsNfC2
Score

10^/10

guloader discovery downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2

guloaderdiscoverydownloader

© 2018-2024

Terms | Privacy