guloader | c5fdd2b1883246a188a2410bb276961732718a76e5d380ef8fe1db8e05f72915 | Triage

Sharing

General

Target

SKMBT_8812202816310TD01_20230128_17355 XLS.vbs
Size

62KB
Sample

230201-kcfvysce88
MD5

b1b4116585f8ad91d96392d0b931f317
SHA1

74c7f75227bac7df1cd2098f30727ddd21cd5b77
SHA256

c5fdd2b1883246a188a2410bb276961732718a76e5d380ef8fe1db8e05f72915
SHA512

cfe7f0b12f821d13fdbde559d0b86a9fd845d64b3d63628f08e16fb430c70ca706148157c4de09e607aa15bc9efb4dac2089e9c2ca5f5064130c7e1d9057c8b4
SSDEEP

1536:F3EyvLpylJpwwY9qdH7W78MUOp/dWvEVWE/d:F/v1ylJWwyqdH7W7HUgdAE4g

Score

10^/10

guloader downloader

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

https://drive.google.com/uc?export=download&id=1zVdm4TylTH05tqt2K3tMhxuhguEtNYmV

Targets

- Target
  
  SKMBT_8812202816310TD01_20230128_17355 XLS.vbs
- Size
  
  62KB
- MD5
  
  b1b4116585f8ad91d96392d0b931f317
- SHA1
  
  74c7f75227bac7df1cd2098f30727ddd21cd5b77
- SHA256
  
  c5fdd2b1883246a188a2410bb276961732718a76e5d380ef8fe1db8e05f72915
- SHA512
  
  cfe7f0b12f821d13fdbde559d0b86a9fd845d64b3d63628f08e16fb430c70ca706148157c4de09e607aa15bc9efb4dac2089e9c2ca5f5064130c7e1d9057c8b4
- SSDEEP
  
  1536:F3EyvLpylJpwwY9qdH7W78MUOp/dWvEVWE/d:F/v1ylJWwyqdH7W7HUgdAE4g
Score

10^/10

guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

guloaderdownloader

behavioral2