guloader | 2e97f4d6bf16c0c918f48301129830bf11639ac0090c6eb937b126345fcc2185 | Triage

Sharing

General

Target

f9523a569eaa47e6ce6dc10c9b07117b.exe
Size

476KB
Sample

230808-rg9gdsee61
MD5

f9523a569eaa47e6ce6dc10c9b07117b
SHA1

01859c3360b613e1d8663b8edb702bea32ef65cc
SHA256

2e97f4d6bf16c0c918f48301129830bf11639ac0090c6eb937b126345fcc2185
SHA512

453345710c0cb4f047e05f4b4af112866b9355f885b3d257c83cd75ed4943050d90a7c85b3d186bf81860a2e43d0ebde5b8cbcb7f315d19aee11b81484a9311b
SSDEEP

6144:AmOPUVI5v8AiOEUi4+9Ret/+qw0iTOMeH/ThI3E8pEu77jKsU4kyvzvDlMh/BlUn:n+8dOluU/+qw0XBb4vvzTks5Mh7wo+

Score

10^/10

guloader downloader

Malware Config

Targets

- Target
  
  f9523a569eaa47e6ce6dc10c9b07117b.exe
- Size
  
  476KB
- MD5
  
  f9523a569eaa47e6ce6dc10c9b07117b
- SHA1
  
  01859c3360b613e1d8663b8edb702bea32ef65cc
- SHA256
  
  2e97f4d6bf16c0c918f48301129830bf11639ac0090c6eb937b126345fcc2185
- SHA512
  
  453345710c0cb4f047e05f4b4af112866b9355f885b3d257c83cd75ed4943050d90a7c85b3d186bf81860a2e43d0ebde5b8cbcb7f315d19aee11b81484a9311b
- SSDEEP
  
  6144:AmOPUVI5v8AiOEUi4+9Ret/+qw0iTOMeH/ThI3E8pEu77jKsU4kyvzvDlMh/BlUn:n+8dOluU/+qw0XBb4vvzTks5Mh7wo+
Score

10^/10

guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdownloader

behavioral2

guloaderdownloader