guloader | a8c49acf97bd1900431f1be3327cd04dda4254991cb0aefa2659d7c1196dca2b | Triage

Sharing

General

Target

39bda8790bb767e8ba43c5e2c4bc2b1e.bin
Size

12KB
Sample

240110-brbp4scdb4
MD5

1c2537d32d379aa836c681ea2a5ab0a8
SHA1

5cb16385c1cbcb819ebcce0d3fa8b139f8feec34
SHA256

a8c49acf97bd1900431f1be3327cd04dda4254991cb0aefa2659d7c1196dca2b
SHA512

b2e22be78c74145e442e4aad4d13d9ff66c411f55e0e8c50a2af4a3d173ce0d853ea794dfeec0dd9582e8df099ad928f120e0e901b89d97c813ad300b06774d2
SSDEEP

384:sc2/imwverCafMKZjolLtW3Qs07K1BmCmkJj:tnHeFzZjolLqQs0+1BWG

Score

10^/10

guloader downloader persistence

Malware Config

Targets

- Target
  
  c21cf8dfa9cf69bdb43a9c94feac2efce76cd36ee262500649f276bf2ad7884d.vbs
- Size
  
  23KB
- MD5
  
  39bda8790bb767e8ba43c5e2c4bc2b1e
- SHA1
  
  9ed26902c630225d72a5f162b4807563e76e3440
- SHA256
  
  c21cf8dfa9cf69bdb43a9c94feac2efce76cd36ee262500649f276bf2ad7884d
- SHA512
  
  0e3b9c9297e81a1c999d67391894868842718e13952b88182eea6336edb4e2ed386924798cff77fa08ba72fb45a9449a4dcd65d26c2732245c4befbd1b937c1b
- SSDEEP
  
  384:Q548z9dQKdq4J/oGeg+geJvAjkO2kgChy609NcHoN0Lrkaqf19mtlcoQ/U3UTCPx:Q54Mjxdq4+txJ4jkO3gCo39CK0pqt9mP
Score

10^/10

guloader downloader persistence
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Adds Run key to start application
  persistence
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdownloaderpersistence

behavioral2