guloader | 14384560101a2899411222cff1fc0dc0cd3afdfc1cc57e810c0adadd415157dc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Ecesises.exe
Size

563KB
Sample

230816-p8sxlscg5x
MD5

e2b6b68494a8efe3dcc6eb711bc7a2e9
SHA1

ed38516bd865835abf0b07479494a2b1723d41e4
SHA256

14384560101a2899411222cff1fc0dc0cd3afdfc1cc57e810c0adadd415157dc
SHA512

b4cda8c0a49e9f346129c7fcf47e3f53a5c2626fd0095c3ba94b9ac56e0ad539b180187f480aa2515b3d8391f7e655cc1cd09b41dc7410f048ec16579ce0132d
SSDEEP

12288:+BXPB4M54WaGqJ1YWXgsAgKDkvj90h79mi03O4fGgPO:s4MBaQWQsA/ovpuRm7O3

Score

10^/10

guloader downloader

Malware Config

Targets

- Target
  
  Ecesises.exe
- Size
  
  563KB
- MD5
  
  e2b6b68494a8efe3dcc6eb711bc7a2e9
- SHA1
  
  ed38516bd865835abf0b07479494a2b1723d41e4
- SHA256
  
  14384560101a2899411222cff1fc0dc0cd3afdfc1cc57e810c0adadd415157dc
- SHA512
  
  b4cda8c0a49e9f346129c7fcf47e3f53a5c2626fd0095c3ba94b9ac56e0ad539b180187f480aa2515b3d8391f7e655cc1cd09b41dc7410f048ec16579ce0132d
- SSDEEP
  
  12288:+BXPB4M54WaGqJ1YWXgsAgKDkvj90h79mi03O4fGgPO:s4MBaQWQsA/ovpuRm7O3
Score

10^/10

guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdownloader

behavioral2

guloaderdownloader