guloader | 2a954efecb0cd053da1b9e25d9bde3bac97656052e97f1d4a8b63b322b8109e5 | Triage

Sharing

General

Target

Facturas Pagadas al Vencimiento_pdf.vbs
Size

342KB
Sample

230207-vppzhacg93
MD5

cb94cd3fbd5c2d7bc9d43317b78b9295
SHA1

fb6863217e97b1929e50743c48066b11908ca086
SHA256

2a954efecb0cd053da1b9e25d9bde3bac97656052e97f1d4a8b63b322b8109e5
SHA512

afe6899ddbaf47eff15b0ba7c742eb55de6c3c58fe4a7dcf95b717c89bf72cb3cbd5f535b8e57456df9ec1308f79dbacd6c1fe6fe2d8f4cc157f8340f0e08cd0
SSDEEP

6144:vR/dbtBgl4tlqbs/+Yfp87VY/T9r0X0nT1QYE1IhnANxdibcIW1OAUE8cV9xRW8J:Z/dbt3tlqb09y7VITp5QYEqpTcILAUEn

Score

10^/10

guloader downloader

Malware Config

Targets

- Target
  
  Facturas Pagadas al Vencimiento_pdf.vbs
- Size
  
  342KB
- MD5
  
  cb94cd3fbd5c2d7bc9d43317b78b9295
- SHA1
  
  fb6863217e97b1929e50743c48066b11908ca086
- SHA256
  
  2a954efecb0cd053da1b9e25d9bde3bac97656052e97f1d4a8b63b322b8109e5
- SHA512
  
  afe6899ddbaf47eff15b0ba7c742eb55de6c3c58fe4a7dcf95b717c89bf72cb3cbd5f535b8e57456df9ec1308f79dbacd6c1fe6fe2d8f4cc157f8340f0e08cd0
- SSDEEP
  
  6144:vR/dbtBgl4tlqbs/+Yfp87VY/T9r0X0nT1QYE1IhnANxdibcIW1OAUE8cV9xRW8J:Z/dbt3tlqb09y7VITp5QYEqpTcILAUEn
Score

10^/10

guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

guloaderdownloader

behavioral2