guloader | db19a753c3b30fefe4c2cad16fc3646fa1c4d4d3f662d1fc6e58fc8b61d44e57 | Triage

Submit
Reports

Overview

overview

Static

static

1

DHLINV001267.exe

windows7-x64

DHLINV001267.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

DHLINV001267.exe
Size

269KB
Sample

230321-l7ef2shf89
MD5

7f5a72fce10b2cdea0e20bc6fcdfc156
SHA1

2f607bb5b006a795160fa0cebafa10760aee8bf7
SHA256

db19a753c3b30fefe4c2cad16fc3646fa1c4d4d3f662d1fc6e58fc8b61d44e57
SHA512

87bfe658b57ce54819c65f51b9bbada4b21f6a7f8371b3a01f3573f997afb518ae36a34b7f7c47bc7ee9421407adf09afae99c7ff8b6ace6b0852c42728e77f4
SSDEEP

6144:B6dHcc0krbiEX4jvA+DfegMY9QELC5nmkZtzJ8gfi+W87brhem:rcZrbXX4jvpbelY9QEoNZtzJ8Wi+v7br

Score

10^/10

guloader discovery downloader spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

DHLINV001267.exe

Resource

win7-20230220-en

guloader discovery downloader

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

DHLINV001267.exe

Resource

win10v2004-20230220-en

guloader discovery downloader spyware stealer

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  DHLINV001267.exe
- Size
  
  269KB
- MD5
  
  7f5a72fce10b2cdea0e20bc6fcdfc156
- SHA1
  
  2f607bb5b006a795160fa0cebafa10760aee8bf7
- SHA256
  
  db19a753c3b30fefe4c2cad16fc3646fa1c4d4d3f662d1fc6e58fc8b61d44e57
- SHA512
  
  87bfe658b57ce54819c65f51b9bbada4b21f6a7f8371b3a01f3573f997afb518ae36a34b7f7c47bc7ee9421407adf09afae99c7ff8b6ace6b0852c42728e77f4
- SSDEEP
  
  6144:B6dHcc0krbiEX4jvA+DfegMY9QELC5nmkZtzJ8gfi+W87brhem:rcZrbXX4jvpbelY9QEoNZtzJ8Wi+v7br
Score

10^/10

guloader discovery downloader spyware stealer
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2

guloaderdiscoverydownloaderspywarestealer

© 2018-2025

Terms | Privacy