guloader | d2a7db4b5d96370d8693b3e204af84f3b607ccd744b204e1a3321e007d9ab8c4 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

rSkeledes.exe

windows7-x64

rSkeledes.exe

windows10-2004-x64

Sharing

General

Target

rSkeledes.exe
Size

503KB
Sample

231012-q628yach5x
MD5

ea1d99e95c51be095f8271952b26acb8
SHA1

1172ff4e5d077d79f47f81f1e4ec3288ec608799
SHA256

d2a7db4b5d96370d8693b3e204af84f3b607ccd744b204e1a3321e007d9ab8c4
SHA512

42f57e99a0a2a534b7c1ca89515c43212ab2c7df394f03186b526a4d3ec78385af502692cfbe631ecd984175232d9a6e13bc4e893ad0abee65434e9abb9c1bdd
SSDEEP

12288:6wc+rgbIhKjQfDDPURqqwYb7csVLuKOEy41cdgev+AVRUj0DgUDsR:6WrgbIwQfDwRq9Yb7cQdb1cGlGR4y0

Score

10^/10

guloader downloader

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

rSkeledes.exe

Resource

win7-20230831-en

guloader downloader

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

rSkeledes.exe

Resource

win10v2004-20230915-en

guloader downloader

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  rSkeledes.exe
- Size
  
  503KB
- MD5
  
  ea1d99e95c51be095f8271952b26acb8
- SHA1
  
  1172ff4e5d077d79f47f81f1e4ec3288ec608799
- SHA256
  
  d2a7db4b5d96370d8693b3e204af84f3b607ccd744b204e1a3321e007d9ab8c4
- SHA512
  
  42f57e99a0a2a534b7c1ca89515c43212ab2c7df394f03186b526a4d3ec78385af502692cfbe631ecd984175232d9a6e13bc4e893ad0abee65434e9abb9c1bdd
- SSDEEP
  
  12288:6wc+rgbIhKjQfDDPURqqwYb7csVLuKOEy41cdgev+AVRUj0DgUDsR:6WrgbIwQfDwRq9Yb7cQdb1cGlGR4y0
Score

10^/10

guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdownloader

behavioral2

guloaderdownloader

© 2018-2025

Terms | Privacy