guloader | a41d188257e3be36a9077bb1044680e7f53bef22c1c1dcc0ce650df2b6a8fcbd | Triage

Submit
Reports

Overview

overview

Static

static

3

a41d188257...bd.exe

windows7-x64

a41d188257...bd.exe

windows10-2004-x64

Sharing

General

Target

a41d188257e3be36a9077bb1044680e7f53bef22c1c1dcc0ce650df2b6a8fcbd
Size

112KB
Sample

230805-nh7gmsde5y
MD5

4b4debcb75be0928c8c0a0171f4d2688
SHA1

f062d25c0745ae824353b13a18e6274c8717adea
SHA256

a41d188257e3be36a9077bb1044680e7f53bef22c1c1dcc0ce650df2b6a8fcbd
SHA512

e85d0771dc17a87383230131a9e43465d2acfdf7e4aab9f11eeb6edea7277a5c05f361c25531b0fc1db6b45a27105e75d84512ffe24e043d67618299adb22e35
SSDEEP

1536:thSPfxV40TQees275kgrKHxLdGKc+o0FDHdZ1gIMblSnwKegt8oxgi3Xxb:uPXTYs8pKVdhjFD9zwNXy5

Score

10^/10

guloader downloader guloader

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a41d188257e3be36a9077bb1044680e7f53bef22c1c1dcc0ce650df2b6a8fcbd.exe

Resource

win7-20230712-en

guloader downloader guloader

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

a41d188257e3be36a9077bb1044680e7f53bef22c1c1dcc0ce650df2b6a8fcbd.exe

Resource

win10v2004-20230703-en

guloader downloader guloader

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

guloader

C2

https://filebin.net/1xu1936lh9awcx8g/udoka_dBIUNiSj27.bin?t=u1zue6zq

xor.base64

Targets

- Target
  
  a41d188257e3be36a9077bb1044680e7f53bef22c1c1dcc0ce650df2b6a8fcbd
- Size
  
  112KB
- MD5
  
  4b4debcb75be0928c8c0a0171f4d2688
- SHA1
  
  f062d25c0745ae824353b13a18e6274c8717adea
- SHA256
  
  a41d188257e3be36a9077bb1044680e7f53bef22c1c1dcc0ce650df2b6a8fcbd
- SHA512
  
  e85d0771dc17a87383230131a9e43465d2acfdf7e4aab9f11eeb6edea7277a5c05f361c25531b0fc1db6b45a27105e75d84512ffe24e043d67618299adb22e35
- SSDEEP
  
  1536:thSPfxV40TQees275kgrKHxLdGKc+o0FDHdZ1gIMblSnwKegt8oxgi3Xxb:uPXTYs8pKVdhjFD9zwNXy5
Score

10^/10

guloader downloader guloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Guloader payload
  guloader
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

guloaderdownloaderguloader

behavioral2

guloaderdownloaderguloader

© 2018-2024

Terms | Privacy