guloader | 11a13f0291f2145e792f3f7d18a1c3747767e93b71292a9fdefed34d52dff3b8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

prueba de pago.exe
Size

560KB
Sample

230808-m8wmdsdf9z
MD5

f635f99f740b1bd4f2e5c5d968bf3c4a
SHA1

e9d73ba51502695bba19093b63370a431442d225
SHA256

11a13f0291f2145e792f3f7d18a1c3747767e93b71292a9fdefed34d52dff3b8
SHA512

1de9d951ab3f18dc476275820cbc0a1332cb3376dc3ce2562beb506f79534f971adc7ca20bdedac8ef752d798c2dab2b4a9432ba92d2622891990b0f99316c97
SSDEEP

12288:xtHb13bWictv8DDM+1FwFj5u6R257MXXkuOaziOUeq:vbNrcx8DDY5u5VNazDg

Score

10^/10

guloader downloader

Malware Config

Targets

- Target
  
  prueba de pago.exe
- Size
  
  560KB
- MD5
  
  f635f99f740b1bd4f2e5c5d968bf3c4a
- SHA1
  
  e9d73ba51502695bba19093b63370a431442d225
- SHA256
  
  11a13f0291f2145e792f3f7d18a1c3747767e93b71292a9fdefed34d52dff3b8
- SHA512
  
  1de9d951ab3f18dc476275820cbc0a1332cb3376dc3ce2562beb506f79534f971adc7ca20bdedac8ef752d798c2dab2b4a9432ba92d2622891990b0f99316c97
- SSDEEP
  
  12288:xtHb13bWictv8DDM+1FwFj5u6R257MXXkuOaziOUeq:vbNrcx8DDY5u5VNazDg
Score

10^/10

guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

guloaderdownloader