guloader | 3fb8bf3a22c854a1b7f94dcbbdf647036cce8ba7353d8358e5f0fb94a5a0df76 | Triage

Submit
Reports

Overview

overview

Static

static

1

FedTaxUS20...df.lnk

windows7-x64

3

FedTaxUS20...df.lnk

windows10-2004-x64

Sharing

General

Target

FedTaxUS2021.zip
Size

6.6MB
Sample

230328-k5xn6sbg9t
MD5

ba251ec9906aed7385b84fe338d14b4a
SHA1

66645844443eb214af0676fd1bb0467a32e63518
SHA256

3fb8bf3a22c854a1b7f94dcbbdf647036cce8ba7353d8358e5f0fb94a5a0df76
SHA512

804331f846d64b320e69aba400d66c0faa7e68bbabfd160efe162f2c919caabf1dc8500ce7f602d4b66927d69a04a3a85027f00432cb310b7de8ec331e7377b6
SSDEEP

196608:Q1SZ6ufJQEjVdm0w8ay2xN6YveDgzUUDv1/:evvKm0wsPDqbx/

Score

10^/10

guloader downloader persistence

Static task

static1

Behavioral task

behavioral1

Sample

FedTaxUS2021/FedTaxUS.pdf.lnk

Resource

win7-20230220-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

FedTaxUS2021/FedTaxUS.pdf.lnk

Resource

win10v2004-20230220-en

guloader downloader persistence

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  FedTaxUS2021/FedTaxUS.pdf.lnk
- Size
  
  2KB
- MD5
  
  83c0ef791c1898ea398b8f3f5d45d373
- SHA1
  
  b2921d538d998101e7d1c348fa4b0420395b01d3
- SHA256
  
  de78ba7cedda5de72f399a0bd7b597e880ebd517144bbeb2dd0a4e12d353d749
- SHA512
  
  a76d11bcce8226b36fbfb32b94dbb16b63201254cdde9a063300649ff8234002aefdd37c932abbdc0c15bdade261ff4668b73413d5a4a904e85a67917bac9732
Score

10^/10

guloader downloader persistence
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Blocklisted process makes network request
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

guloaderdownloaderpersistence

© 2018-2024

Terms | Privacy