guloader | 3f4fc4a448b6dd81657ca70d8d26321c940320a10ae852f57d6a0646c5198f59 | Triage

Sharing

General

Target

3f4fc4a448b6dd81657ca70d8d26321c940320a10ae852f57d6a0646c5198f59
Size

496KB
Sample

230509-nw2tbahe7y
MD5

a373c959d3342ccfae068f24135567b2
SHA1

759ed5ef848afc0ea014756aab1384d3d8c6ffc2
SHA256

3f4fc4a448b6dd81657ca70d8d26321c940320a10ae852f57d6a0646c5198f59
SHA512

ac4af5b477f726caffe9c31e73d6734f5f23e1460fe389bbf536a39e0503de54020bd27311c8a159db93c19529d6d109941aad7c6abaf0e184cb80f2c8ab3e4b
SSDEEP

12288:nbbtfMwL1zbguKDoXeC5gmV9oJufNZDRDrrhCJgkcQ8KYMf:nb5f/REZ1s7DVygDW

Score

10^/10

guloader downloader

Malware Config

Targets

- Target
  
  3f4fc4a448b6dd81657ca70d8d26321c940320a10ae852f57d6a0646c5198f59
- Size
  
  496KB
- MD5
  
  a373c959d3342ccfae068f24135567b2
- SHA1
  
  759ed5ef848afc0ea014756aab1384d3d8c6ffc2
- SHA256
  
  3f4fc4a448b6dd81657ca70d8d26321c940320a10ae852f57d6a0646c5198f59
- SHA512
  
  ac4af5b477f726caffe9c31e73d6734f5f23e1460fe389bbf536a39e0503de54020bd27311c8a159db93c19529d6d109941aad7c6abaf0e184cb80f2c8ab3e4b
- SSDEEP
  
  12288:nbbtfMwL1zbguKDoXeC5gmV9oJufNZDRDrrhCJgkcQ8KYMf:nb5f/REZ1s7DVygDW
Score

10^/10

guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdownloader

behavioral2

guloaderdownloader