guloader | 5caabf39bc8f07554b249ff09f23b3551644485172384cd1215cfe967582d9ab | Triage

Sharing

Copy URL Twitter E-mail

General

Target

PSID CA 0338-2023-24.exe
Size

1.0MB
Sample

231023-hzcqpsgf75
MD5

002b5b4dc69a87e58c8cfd17c3e8a942
SHA1

d2e27a221356918b75569cd9e36184f7d8880604
SHA256

5caabf39bc8f07554b249ff09f23b3551644485172384cd1215cfe967582d9ab
SHA512

84c9c1396b2ff403a4aacd8cfa18d13e4fde9ddafaa08bbf463fc01a47e0c73447a27353a62f243e335cf01a3cf5860804b28b86ea6b985d68e1da105ff08161
SSDEEP

24576:w2mvDENPmTMDi/eUPdToG/xpzWEGgsjzAaAbWuUV04e:+vDEpAveUZTzhG3sa+3UO4e

Score

10^/10

guloader downloader persistence

Malware Config

Targets

- Target
  
  PSID CA 0338-2023-24.exe
- Size
  
  1.0MB
- MD5
  
  002b5b4dc69a87e58c8cfd17c3e8a942
- SHA1
  
  d2e27a221356918b75569cd9e36184f7d8880604
- SHA256
  
  5caabf39bc8f07554b249ff09f23b3551644485172384cd1215cfe967582d9ab
- SHA512
  
  84c9c1396b2ff403a4aacd8cfa18d13e4fde9ddafaa08bbf463fc01a47e0c73447a27353a62f243e335cf01a3cf5860804b28b86ea6b985d68e1da105ff08161
- SSDEEP
  
  24576:w2mvDENPmTMDi/eUPdToG/xpzWEGgsjzAaAbWuUV04e:+vDEpAveUZTzhG3sa+3UO4e
Score

10^/10

guloader downloader persistence
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdownloaderpersistence

behavioral2

guloaderdownloaderpersistence