guloader | 4e9e679e0a75b7e5156f207d63e805ca76dbbd9ebac47fae5caf2b76f457dc86 | Triage

Submit
Reports

Overview

overview

Static

static

3

25baa5a4cc...a3.exe

windows10-2004-x64

Sharing

General

Target

25baa5a4cc0147ca1dbaca906af789daa667ffbdde7c34dbdf398ce01b85f6a3.7z
Size

23KB
Sample

230623-nz43vaee86
MD5

40b8690f2a1b1db9960cabe8343cc835
SHA1

315240a4422f238945465e36c9e303e95389a36f
SHA256

4e9e679e0a75b7e5156f207d63e805ca76dbbd9ebac47fae5caf2b76f457dc86
SHA512

149005cff50164ca74bbeffa198d7a2d839ff78265ab65e6e0a07c7690d754c9c23cade6b3cfd3dcf703e03cf84c5f6aec41104c27757459ee18a411673d12b6
SSDEEP

384:6Ho5YNhg4lvqka23JfbetIccrihK7dnOtaWmA4Gn8d63+DnfFOylioEFlmmPEdAg:6jRa25hr+edOtaWmz4kTlibTxrRsjj

Score

10^/10

guloader downloader guloader persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

25baa5a4cc0147ca1dbaca906af789daa667ffbdde7c34dbdf398ce01b85f6a3.exe

Resource

win10v2004-20230621-en

guloader downloader guloader persistence

windows10-2004-x64

17 signatures

300 seconds

Malware Config

Extracted

Family

guloader

C2

https://drive.google.com/uc?export=download&id=10PD-W3hWlmuvHXXk8P04aQBvtnEAA19B

Targets

- Target
  
  25baa5a4cc0147ca1dbaca906af789daa667ffbdde7c34dbdf398ce01b85f6a3
- Size
  
  120KB
- MD5
  
  a316a5b62622650b5935330e50b3162a
- SHA1
  
  433a20935b701abce79913d55939fc902534886f
- SHA256
  
  25baa5a4cc0147ca1dbaca906af789daa667ffbdde7c34dbdf398ce01b85f6a3
- SHA512
  
  3c20726f478e0db072e10b77d18dd941e27ab124a2a30be19730d991d8b3e2811b1f2eef488d2834ba4c6d9270c80a5ef979c525dc67193a172934244cd8f453
- SSDEEP
  
  1536:fi5RdyK4JDkBQomLWVNeEL9Zt2gpi5RdyK4JDkBQomLWVNeEL:6NAWQomId0NAWQomI
Score

10^/10

guloader downloader guloader persistence
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Guloader payload
  guloader
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

guloaderdownloaderguloaderpersistence

© 2018-2024

Terms | Privacy