guloader | 7f4ff933c625b4928374c7e49ce9a8edf8330cb55e025a74c23188eeec3e95e1 | Triage

Submit
Reports

Overview

overview

Static

static

3

793fd72de2...59.exe

windows7-x64

793fd72de2...59.exe

windows10-2004-x64

Sharing

General

Target

07d88b39efd596674939bdcb015965ac.bin
Size

267KB
Sample

230504-bc2b8abc91
MD5

4421d32be45bc9cbdfb261073d2b849d
SHA1

270efbc336b804e6d20d44788047401c3fdddb52
SHA256

7f4ff933c625b4928374c7e49ce9a8edf8330cb55e025a74c23188eeec3e95e1
SHA512

5af48acd11dd9d1b15a622b088c4fd2a29a783fff45f1fa49748e5091e9cc246368f581d5ef7ff71b332771376bc9f8412ae3e5b7f086f08a80f158fea9a20bd
SSDEEP

6144:j8qBpOrrcHu/B1S6a1KZMn1dxtMYBFKVI5DQI5gMMdJMkH1M3IeEa:j8GmCuvSL1KZ41drlBmwU0kH1LeD

Score

10^/10

guloader downloader

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

793fd72de26ca82fbb56a14449a994058f34b4dc3fa1e7562ad32e5b405d3659.exe

Resource

win7-20230220-en

guloader downloader

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

793fd72de26ca82fbb56a14449a994058f34b4dc3fa1e7562ad32e5b405d3659.exe

Resource

win10v2004-20230220-en

guloader downloader

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  793fd72de26ca82fbb56a14449a994058f34b4dc3fa1e7562ad32e5b405d3659.exe
- Size
  
  302KB
- MD5
  
  07d88b39efd596674939bdcb015965ac
- SHA1
  
  cb003424683e922dcd18ea8dc3fe6db72fd5e694
- SHA256
  
  793fd72de26ca82fbb56a14449a994058f34b4dc3fa1e7562ad32e5b405d3659
- SHA512
  
  289f99a85fc2bda89fa8d835bc0ddff218172a1a90629a940f9fb852de94c4223ccbfe2e0508732279b8e636e44001da51430d0c07b9aea47e18f61e44138d3f
- SSDEEP
  
  6144:V7ewbW4Tvmpj0et4b72tQ+L6fLq3vJlq4tfR5VcJ6rfB0yj+OUu:5VbWhpn4bte6fLovJV5V66N0iUu
Score

10^/10

guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdownloader

behavioral2

guloaderdownloader

© 2018-2025

Terms | Privacy