guloader | fd981dec6198cda93c6d0cecc8891612efbcab4731461d7b6b9b42fdc3831a54 | Triage

Sharing

General

Target

ConfirmingPagadas.vbs
Size

332KB
Sample

230201-slrmtaac73
MD5

90b20f23d77c3dfd4ebad8538a5c4284
SHA1

c6f9c9c3261e0ae23fd9310fc717fd2854c65c41
SHA256

fd981dec6198cda93c6d0cecc8891612efbcab4731461d7b6b9b42fdc3831a54
SHA512

62234df693e5eb24e1fe9a218c83aaf439d328b64c185b6638ec193649199739f1c1dcd14cbccf7a232efa0108130393edebca6a59e7e2704ebdd2a20cf779bb
SSDEEP

6144:hvFUdh1+32YLjSuRCMF7x9N6t3CeLVVZw6POOonCfONYUzrW66do+wY:hvFIh03dLjfRCMZg3CeZDbP3FsC6ytwY

Score

10^/10

guloader downloader

Malware Config

Targets

- Target
  
  ConfirmingPagadas.vbs
- Size
  
  332KB
- MD5
  
  90b20f23d77c3dfd4ebad8538a5c4284
- SHA1
  
  c6f9c9c3261e0ae23fd9310fc717fd2854c65c41
- SHA256
  
  fd981dec6198cda93c6d0cecc8891612efbcab4731461d7b6b9b42fdc3831a54
- SHA512
  
  62234df693e5eb24e1fe9a218c83aaf439d328b64c185b6638ec193649199739f1c1dcd14cbccf7a232efa0108130393edebca6a59e7e2704ebdd2a20cf779bb
- SSDEEP
  
  6144:hvFUdh1+32YLjSuRCMF7x9N6t3CeLVVZw6POOonCfONYUzrW66do+wY:hvFIh03dLjfRCMZg3CeZDbP3FsC6ytwY
Score

10^/10

guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

guloaderdownloader

behavioral2