guloader | 562ec1673c90fd1932f60b0f4e26e02a059347b88aa2d8fc0bddd058427d6946 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

BrentFishe...df.lnk

windows10-2004-x64

Sharing

General

Target

BrentFisherUSTax.pdf.lnk
Size

2KB
Sample

230301-1qjrrsac85
MD5

cfb0a94f960a8e52c4017da1d4d12bff
SHA1

33a3045df1a8306c1e46b0f5b6ad40d4547f6045
SHA256

562ec1673c90fd1932f60b0f4e26e02a059347b88aa2d8fc0bddd058427d6946
SHA512

4f298a350ec57fb26b810d39fbee95f26b769b7fe51c41b00d8fcd7adc661d3af1961d26bbeb2a3522df085254ca5826af1554cbe2ce8ecf3555dab6687d0c99

Score

10^/10

guloader downloader persistence

Static task

static1

Behavioral task

behavioral1

Sample

BrentFisherUSTax.pdf.lnk

Resource

win10v2004-20230220-en

guloader downloader persistence

windows10-2004-x64

22 signatures

600 seconds

Malware Config

Targets

- Target
  
  BrentFisherUSTax.pdf.lnk
- Size
  
  2KB
- MD5
  
  cfb0a94f960a8e52c4017da1d4d12bff
- SHA1
  
  33a3045df1a8306c1e46b0f5b6ad40d4547f6045
- SHA256
  
  562ec1673c90fd1932f60b0f4e26e02a059347b88aa2d8fc0bddd058427d6946
- SHA512
  
  4f298a350ec57fb26b810d39fbee95f26b769b7fe51c41b00d8fcd7adc661d3af1961d26bbeb2a3522df085254ca5826af1554cbe2ce8ecf3555dab6687d0c99
Score

10^/10

guloader downloader persistence
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Blocklisted process makes network request
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdownloaderpersistence

© 2018-2025

Terms | Privacy