guloader | 5b3bdcc6a13c551a42d31a66e0546648ffa5a41dd79a4d367992785a0c259c4b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5b3bdcc6a13c551a42d31a66e0546648ffa5a41dd79a4d367992785a0c259c4b_JC.exe
Size

1002KB
Sample

231010-v7zxesfa7z
MD5

341876f1aa06d857f6e8d349ed95f6dd
SHA1

173b249c21a6fdc76d28af36f632afff8fd3bb49
SHA256

5b3bdcc6a13c551a42d31a66e0546648ffa5a41dd79a4d367992785a0c259c4b
SHA512

a031cfd3dd8ed2aa46268315841aa94ffc0542d48fbb8efbda87e3d2c1ad40cf541c5ec48f34e972aa72a330cc83245c8ae6a8404194b3d190f8531ae9ab3d57
SSDEEP

24576:UeXmiSZ3YNp9jTDh1bM6mfcIuBFo7WCBYR06Nu0wz:y5+NTjJ9MjkIYo7FS0H

Score

10^/10

guloader downloader

Malware Config

Targets

- Target
  
  5b3bdcc6a13c551a42d31a66e0546648ffa5a41dd79a4d367992785a0c259c4b_JC.exe
- Size
  
  1002KB
- MD5
  
  341876f1aa06d857f6e8d349ed95f6dd
- SHA1
  
  173b249c21a6fdc76d28af36f632afff8fd3bb49
- SHA256
  
  5b3bdcc6a13c551a42d31a66e0546648ffa5a41dd79a4d367992785a0c259c4b
- SHA512
  
  a031cfd3dd8ed2aa46268315841aa94ffc0542d48fbb8efbda87e3d2c1ad40cf541c5ec48f34e972aa72a330cc83245c8ae6a8404194b3d190f8531ae9ab3d57
- SSDEEP
  
  24576:UeXmiSZ3YNp9jTDh1bM6mfcIuBFo7WCBYR06Nu0wz:y5+NTjJ9MjkIYo7FS0H
Score

10^/10

guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdownloader

behavioral2

guloaderdownloader