guloader | 211f2511979570b429ef692921847c1b4ac9b34c06fede21115fb4db214ea82a | Triage

Submit
Reports

Overview

overview

Static

static

1

211f251197...2a.exe

windows7-x64

211f251197...2a.exe

windows10-2004-x64

Sharing

General

Target

211f2511979570b429ef692921847c1b4ac9b34c06fede21115fb4db214ea82a
Size

1.2MB
Sample

231011-q247qsce85
MD5

e0e523c11c9633506225aa2b1f87c255
SHA1

d67f9445a32f2c8c4057b69b929b6b9a63ec0673
SHA256

211f2511979570b429ef692921847c1b4ac9b34c06fede21115fb4db214ea82a
SHA512

4cc2bfea3fcf4bd371fb8ff5155a41e15fb55a5e2311296fc72ad128c03ba4dd5c4da32744a9f01c62852e8e3cb9d77394b75be3f65294bf77d66cc6a128bc98
SSDEEP

24576:8CVIPeJg4nk95ACjKC4onl8Q3wlRjMPybTJmU:rmPb4nIACjKCxl13ojMPybl

Score

10^/10

guloader downloader

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

211f2511979570b429ef692921847c1b4ac9b34c06fede21115fb4db214ea82a.exe

Resource

win7-20230831-en

guloader downloader

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

211f2511979570b429ef692921847c1b4ac9b34c06fede21115fb4db214ea82a.exe

Resource

win10v2004-20230915-en

guloader downloader

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  211f2511979570b429ef692921847c1b4ac9b34c06fede21115fb4db214ea82a
- Size
  
  1.2MB
- MD5
  
  e0e523c11c9633506225aa2b1f87c255
- SHA1
  
  d67f9445a32f2c8c4057b69b929b6b9a63ec0673
- SHA256
  
  211f2511979570b429ef692921847c1b4ac9b34c06fede21115fb4db214ea82a
- SHA512
  
  4cc2bfea3fcf4bd371fb8ff5155a41e15fb55a5e2311296fc72ad128c03ba4dd5c4da32744a9f01c62852e8e3cb9d77394b75be3f65294bf77d66cc6a128bc98
- SSDEEP
  
  24576:8CVIPeJg4nk95ACjKC4onl8Q3wlRjMPybTJmU:rmPb4nIACjKCxl13ojMPybl
Score

10^/10

guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdownloader

behavioral2

guloaderdownloader

© 2018-2025

Terms | Privacy