guloader | c77bc7cea8a315c9127b1d2d54641663218256f2a668f9bbf4f955b18ddf7fff | Triage

Submit
Reports

Overview

overview

Static

static

1

QUOTATIO.exe

windows7-x64

QUOTATIO.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

QUOTATION.IMG
Size

1.2MB
Sample

230323-czemeada78
MD5

dd5e9ed542ab909ea09d3dda6cd562b9
SHA1

7a8fc0ad1c08c051a6c294e8a15aea813a1f3972
SHA256

c77bc7cea8a315c9127b1d2d54641663218256f2a668f9bbf4f955b18ddf7fff
SHA512

1dddb449773b31bb4b12809c27721175b4a1f602fcb336e7a94637bdedf2919c8313b05f0893f35d246d73786cee699b2a18c1e6133887a35572e723a1cd5f0c
SSDEEP

6144:OQLFhHAzxhDJh/xAm2g2bh5jMko872Ed+7RKlOLRkpT4c0hM9egWlg:zFWVhDT/R21172wDC6p8298g

Score

10^/10

guloader discovery downloader spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

QUOTATIO.exe

Resource

win7-20230220-en

guloader discovery downloader

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

QUOTATIO.exe

Resource

win10v2004-20230220-en

guloader discovery downloader spyware stealer

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  QUOTATIO.EXE
- Size
  
  297KB
- MD5
  
  8d2e9406accfc4e70e8717acd1acac0f
- SHA1
  
  879ee79717775fc82af2f34875be6d3953454221
- SHA256
  
  4bf75ced5431972bf4d34227e7fbf107f16ca9879bee1d0b225321ee100e3a11
- SHA512
  
  c676b10e8275a305bada959c664751c95844cab6c1f959f9ba00157c886c462017a51def3704f081f0798cd0cb0c58db8c75d262c368464deccbc2cfbec92454
- SSDEEP
  
  6144:kQLFhHAzxhDJh/xAm2g2bh5jMko872Ed+7RKlOLRkpT4c0hM9egWlgy:xFWVhDT/R21172wDC6p8298gy
Score

10^/10

guloader discovery downloader spyware stealer
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2

guloaderdiscoverydownloaderspywarestealer

© 2018-2025

Terms | Privacy