guloader | 66c26fbf2a4e3405e7ae29b67046bacbf2318e6b81c3aaa0599b7e716c606a98 | Triage

Sharing

General

Target

rfq_new_order_sheet_2024_PO_NoRZODOSKY00000.7z.zip
Size

10KB
Sample

240103-h8ydrsehf8
MD5

97c40e9eac2f60ed869f28d216b46c5c
SHA1

6d7a6d3bb907e49f542501b0e43cf1440373d1aa
SHA256

66c26fbf2a4e3405e7ae29b67046bacbf2318e6b81c3aaa0599b7e716c606a98
SHA512

d16f5ac132a2d32360f77b2ac5fe42246eb50f30c7562fe37f4dd9e93ea33dd03c3c4cdeb48234b00c8798c1211edb62eda373da2c1253c6d05339c6a0d8edd9
SSDEEP

192:2mM9TsOtp2qbIFMxf1S6sADqojHd+wyejWGElQJ5qqCIRKgqJUv9Bwa6z5ctv9VY:8e2p2mIvzgHkwyejWGEFav9Bpt9VQXD3

Score

10^/10

guloader downloader

Malware Config

Targets

- Target
  
  rfq_new_order_sheet_2024_PO_NoRZODOSKY00000.vbs
- Size
  
  18KB
- MD5
  
  87982f1f940cc4ad215ce2dd3fe45678
- SHA1
  
  ab69b4663d660eefd6bae607b5f471761c90d934
- SHA256
  
  05f0ff8b8b6a8040947d1e42e4dc6ee89b109634afbd957279a36f758f33067a
- SHA512
  
  b1663c1a95eadd5b4d083a93bc39c79e3755b2502b365a1dd6370d896718f3ef89a70301741ffecc9e604d02b95c81e77b22dab9360807bd7a2a4941c20d92d9
- SSDEEP
  
  192:GAARWxC3Mebmv9g9njInwpBWLXajbv3IzOru9Uf+lpsYrIwR2+DC1otzeeoreNh6:GxCC3MebmliBRbAOcpsmD8NvWaJnEcv
Score

10^/10

guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdownloader

behavioral2