guloader | bb31bb50a27cf9f9c1020a3a07308b6a247016f7e61d76cd65f55878fe3aa479 | Triage

Submit
Reports

Overview

overview

Static

static

3

10e5aba7f3...47.exe

windows7-x64

10e5aba7f3...47.exe

windows10-2004-x64

Sharing

General

Target

10e5aba7f34c9acff9ff3bd7d959fd719ca6327dc09f5dbdd976167ad6304f9c_bb31bb50a27cf9f9c1020a3a07308b6a247016f7e61d76cd65f55878fe3aa479.exe
Size

115KB
Sample

240226-h2t3rsgc5v
MD5

ed7f7b7b495dc71b85aaac38b267b5e3
SHA1

e4eac720e34303d753f84f5047ef8e99d05b0696
SHA256

bb31bb50a27cf9f9c1020a3a07308b6a247016f7e61d76cd65f55878fe3aa479
SHA512

76a4d7fe82de32e3ad86b0be9c827516f57a9aff1e046b6d25564bb4d7b749d68db857dd18bf738e81f36a3dc0694533201ce62b4be75e368d4b6e850493bfaf
SSDEEP

3072:TBtjiTHGb/fyQW6qqxFRsvPOW31bfrnb/dtXG12X:TDVqQ+Z

Score

10^/10

guloader downloader guloader

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

10e5aba7f34c9acff9ff3bd7d959fd719ca6327dc09f5dbdd976167ad6304f9c_bb31bb50a27cf9f9c1020a3a07308b6a247.exe

Resource

win7-20240221-en

guloader downloader guloader

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

10e5aba7f34c9acff9ff3bd7d959fd719ca6327dc09f5dbdd976167ad6304f9c_bb31bb50a27cf9f9c1020a3a07308b6a247.exe

Resource

win10v2004-20240221-en

guloader downloader guloader

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

guloader

C2

https://drive.google.com/uc?export=download&id=1x4QIaEIYJueFynpzhwtnkaCxNkLmm3B0

xor.base64

Targets

- Target
  
  10e5aba7f34c9acff9ff3bd7d959fd719ca6327dc09f5dbdd976167ad6304f9c_bb31bb50a27cf9f9c1020a3a07308b6a247016f7e61d76cd65f55878fe3aa479.exe
- Size
  
  115KB
- MD5
  
  ed7f7b7b495dc71b85aaac38b267b5e3
- SHA1
  
  e4eac720e34303d753f84f5047ef8e99d05b0696
- SHA256
  
  bb31bb50a27cf9f9c1020a3a07308b6a247016f7e61d76cd65f55878fe3aa479
- SHA512
  
  76a4d7fe82de32e3ad86b0be9c827516f57a9aff1e046b6d25564bb4d7b749d68db857dd18bf738e81f36a3dc0694533201ce62b4be75e368d4b6e850493bfaf
- SSDEEP
  
  3072:TBtjiTHGb/fyQW6qqxFRsvPOW31bfrnb/dtXG12X:TDVqQ+Z
Score

10^/10

guloader downloader guloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Guloader payload
  guloader
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

guloaderdownloaderguloader

behavioral2

guloaderdownloaderguloader

© 2018-2024

Terms | Privacy