guloader | 8803e95a526b1711590210f2d6b892a7c315691e1ce163f12a1a50510bda4217 | Triage

Sharing

General

Target

8803E95A526B1711590210F2D6B892A7C315691E1CE163F12A1A50510BDA4217
Size

44KB
Sample

230518-cfkdjshc46
MD5

2778f11c44ccf7201e431dcd5d77b6aa
SHA1

0ad323bf819117e89394fb05ea613358620bbeeb
SHA256

8803e95a526b1711590210f2d6b892a7c315691e1ce163f12a1a50510bda4217
SHA512

0a34d3bc13bec629de4cd99e6671a782acd4e7380a2b3663537ca2b308c5a34538043eacb7d0e369b8b9b0e40edc6233839eb89010343f89b76be81547467e5a
SSDEEP

768:iokQx/yY/Pthmpcv6WcnUvNPhn5/WsQWLj8EYsu22HdqqXQKpM2hDwOnzuTt:jyYqpwBoUv5h5+s8cCdXQx2hDwOnzI

Score

10^/10

guloader downloader persistence

Malware Config

Targets

- Target
  
  STatEment-of-Accounts-15th-mARCH-2023_ACCOUNT-SUMMARY_REF_QUTYT_125KB_0000000000000000000.vbs
- Size
  
  31KB
- MD5
  
  58cba3aa60ed8857deb32d90c47660b1
- SHA1
  
  4cc7ea4c8fa38f54fe77185e6946ae71341c5bd3
- SHA256
  
  6ac3b02c068631d96b3fef677a7145b1d1d327af6f8b625f1536959bf69a1ab4
- SHA512
  
  3e718367014d6ffaefa2531f5fafc1cd3741d25b70298ce7caed2f83041b1ef4f947f90f53b827b3206d161fd19a6776c32f458b6e9e11128f2792640e14657a
- SSDEEP
  
  768:cuKPqBHxLXe21oomQdDPgl3nn4kFP7vdlrMpu6nq6S:FRxLu21oomQdcl3n4kFPH4DNS
Score

10^/10

guloader downloader persistence
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdownloaderpersistence

behavioral2

guloaderdownloaderpersistence