guloader | ef52f61d72293b77684d3a964c2364594ab247c455b3f1085734c70e6c309923 | Triage

Sharing

General

Target

25baa5a4cc0147ca1dbaca906af789daa667ffbdde7c34dbdf398ce01b85f6a3.7z
Size

23KB
Sample

230622-ppmlgsed24
MD5

2944426d4916c3348f3dfc9bc7f07b3d
SHA1

1e517273d0bb7b706f765de9420790ab0c29929d
SHA256

ef52f61d72293b77684d3a964c2364594ab247c455b3f1085734c70e6c309923
SHA512

62bb601ca9e6229c12f2bf21fc796f4aa95a3498228526aa549185837c0ee023d4987ad57f4b5840d12c4032687bd183e38b0233db342f958a0efa555de10803
SSDEEP

384:2L6E5zqKicER8DEoOd3EglUqNSmHsV1B51pXpaY6ZDkJWqVx4:27LV28DEosJ7NSmS1T1p36yJWqVO

Score

10^/10

guloader downloader guloader persistence

Malware Config

Extracted

Family

guloader

C2

https://drive.google.com/uc?export=download&id=10PD-W3hWlmuvHXXk8P04aQBvtnEAA19B

Targets

- Target
  
  25baa5a4cc0147ca1dbaca906af789daa667ffbdde7c34dbdf398ce01b85f6a3
- Size
  
  120KB
- MD5
  
  a316a5b62622650b5935330e50b3162a
- SHA1
  
  433a20935b701abce79913d55939fc902534886f
- SHA256
  
  25baa5a4cc0147ca1dbaca906af789daa667ffbdde7c34dbdf398ce01b85f6a3
- SHA512
  
  3c20726f478e0db072e10b77d18dd941e27ab124a2a30be19730d991d8b3e2811b1f2eef488d2834ba4c6d9270c80a5ef979c525dc67193a172934244cd8f453
- SSDEEP
  
  1536:fi5RdyK4JDkBQomLWVNeEL9Zt2gpi5RdyK4JDkBQomLWVNeEL:6NAWQomId0NAWQomI
Score

10^/10

guloader downloader guloader persistence
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Guloader payload
  guloader
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

guloaderdownloaderguloaderpersistence