guloader | 769e6002b8038a0a87c66347326d314fa597a228c04c9ec58e3c2a6e686da7db | Triage

Resubmissions

26-08-2023 10:00

230826-l1zteahd33 10

26-08-2023 09:28

230826-lfrbjahc59 10

Sharing

General

Target

gugugugugugugugug_wo_diupc.bin
Size

264KB
Sample

230826-l1zteahd33
MD5

261ef432dd56efebf6dc147767a15c19
SHA1

9db6923256f869f391f24d07961e4fdff7a59c76
SHA256

769e6002b8038a0a87c66347326d314fa597a228c04c9ec58e3c2a6e686da7db
SHA512

e25837e2c67f5852024b133750fe89eb7d60a6242b38d7f523f0d392b438c338745a5074e7136e77a17e3b769dd54e474aaccccbee508c6409d2c9f587e97690
SSDEEP

6144:K4SkHQ8gHm5XapVQoVssdw815FN9aCXZ3xu3IGa44wj:K4SlmopVfVs4jDRaE34Y2

Score

10^/10

guloader downloader

Malware Config

Targets

- Target
  
  gugugugugugugugug_wo_diupc.bin
- Size
  
  264KB
- MD5
  
  261ef432dd56efebf6dc147767a15c19
- SHA1
  
  9db6923256f869f391f24d07961e4fdff7a59c76
- SHA256
  
  769e6002b8038a0a87c66347326d314fa597a228c04c9ec58e3c2a6e686da7db
- SHA512
  
  e25837e2c67f5852024b133750fe89eb7d60a6242b38d7f523f0d392b438c338745a5074e7136e77a17e3b769dd54e474aaccccbee508c6409d2c9f587e97690
- SSDEEP
  
  6144:K4SkHQ8gHm5XapVQoVssdw815FN9aCXZ3xu3IGa44wj:K4SlmopVfVs4jDRaE34Y2
Score

10^/10

guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdownloader

behavioral2

guloaderdownloader