guloader | 1cb00eec4e790856cd41b150ced2cd44b04b67c6210745baaedadd3f3d4bb390 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Signed_RFQ_Order.exe
Size

575KB
Sample

240123-mbx4yshdgm
MD5

a17b25fd47b12083ca9e7ac1113563e0
SHA1

43c2787d8d2dacf959ced9ef03fce78bd974c195
SHA256

1cb00eec4e790856cd41b150ced2cd44b04b67c6210745baaedadd3f3d4bb390
SHA512

51263fe7f9a45da7f4ea01065b4602dd570c9d18ad5910310d83af14065983007aa86b11b92fa7899b8fd4d9020ad95da9f054c461e8b4829233e8b83ab93ead
SSDEEP

12288:aa7zkUqQM2Ij9lbegEsP+McXvgtorYgsqyYUSz7dULXim1:lzk8ClCgqMcXvCSYgHueg

Score

10^/10

guloader downloader persistence

Malware Config

Targets

- Target
  
  Signed_RFQ_Order.exe
- Size
  
  575KB
- MD5
  
  a17b25fd47b12083ca9e7ac1113563e0
- SHA1
  
  43c2787d8d2dacf959ced9ef03fce78bd974c195
- SHA256
  
  1cb00eec4e790856cd41b150ced2cd44b04b67c6210745baaedadd3f3d4bb390
- SHA512
  
  51263fe7f9a45da7f4ea01065b4602dd570c9d18ad5910310d83af14065983007aa86b11b92fa7899b8fd4d9020ad95da9f054c461e8b4829233e8b83ab93ead
- SSDEEP
  
  12288:aa7zkUqQM2Ij9lbegEsP+McXvgtorYgsqyYUSz7dULXim1:lzk8ClCgqMcXvCSYgHueg
Score

10^/10

guloader downloader persistence
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  Borickite/Lydsidens/Tellys/Rindes.Gaa
- Size
  
  25KB
- MD5
  
  3d70a9e67eaf95e60a6e40caf76d3bac
- SHA1
  
  a7ddd601c5424f64bcdf3932b73433bfb42e51fa
- SHA256
  
  969bbd66a083c88e1bb30bde316accfb05e52c24622caf1fd06036ea9bd00245
- SHA512
  
  78181da5e37bb50c4aa9c747e126eb732ec74dd70815e4dc06d3afcef655a7c8a0fd21b2be63ae44fc9a14990c72ff25134030870a2a630f07ec18451326a9cd
- SSDEEP
  
  768:N+gn7xCf0iRXMscGNYnmPBIJZ8ofmRDgjRR4WmR2O:N+gnUfTiscQYnF8OjC2O
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdownloaderpersistence

behavioral2

guloaderdownloaderpersistence

behavioral3

behavioral4