guloader | 428de4e7cbe460a1226c51dbe80cef11560239abfb0d6baa7e8664a8726e73f5 | Triage

Sharing

General

Target

428de4e7cbe460a1226c51dbe80cef11560239abfb0d6baa7e8664a8726e73f5.exe
Size

1.2MB
Sample

240306-cqlz5ahf64
MD5

9d5eb89430a3fbb76a89bfc366d3f67a
SHA1

35d692f12e566347a9b73bca10613e888eb6c4fc
SHA256

428de4e7cbe460a1226c51dbe80cef11560239abfb0d6baa7e8664a8726e73f5
SHA512

09a32866cd81de645e5f62437372d8a7f6de55c4154a5131537a17fb1ece15c46129654e6c65b5202fb3b0632feda7f93c7f158c30341bef2f7c2d2a52538713
SSDEEP

24576:wDGGviC622UbPBld6mLOtkW2fAbuEtNvL1DqaWPm:UGGvz9Nb5ldzLOtkjIptHWaWm

Score

10^/10

guloader downloader

Malware Config

Targets

- Target
  
  428de4e7cbe460a1226c51dbe80cef11560239abfb0d6baa7e8664a8726e73f5.exe
- Size
  
  1.2MB
- MD5
  
  9d5eb89430a3fbb76a89bfc366d3f67a
- SHA1
  
  35d692f12e566347a9b73bca10613e888eb6c4fc
- SHA256
  
  428de4e7cbe460a1226c51dbe80cef11560239abfb0d6baa7e8664a8726e73f5
- SHA512
  
  09a32866cd81de645e5f62437372d8a7f6de55c4154a5131537a17fb1ece15c46129654e6c65b5202fb3b0632feda7f93c7f158c30341bef2f7c2d2a52538713
- SSDEEP
  
  24576:wDGGviC622UbPBld6mLOtkW2fAbuEtNvL1DqaWPm:UGGvz9Nb5ldzLOtkjIptHWaWm
Score

10^/10

guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  3f176d1ee13b0d7d6bd92e1c7a0b9bae
- SHA1
  
  fe582246792774c2c9dd15639ffa0aca90d6fd0b
- SHA256
  
  fa4ab1d6f79fd677433a31ada7806373a789d34328da46ccb0449bbf347bd73e
- SHA512
  
  0a69124819b7568d0dea4e9e85ce8fe61c7ba697c934e3a95e2dcfb9f252b1d9da7faf8774b6e8efd614885507acc94987733eba09a2f5e7098b774dfc8524b6
- SSDEEP
  
  192:OPtkumJX7zB22kGwfy0mtVgkCPOsX1un:/702k5qpdsXQn
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/UserInfo.dll
- Size
  
  4KB
- MD5
  
  c22c9d7b6937b8960fba4c8a145076b2
- SHA1
  
  2e45c2dd6e5132a942fe940dccdaf771e0f9e81e
- SHA256
  
  510e466a715933499fb9d5a1753b483826b2bf89161b9d466dd2ad7e52ede2fc
- SHA512
  
  b3b93fb97bc0d16ac35a1f0e877bcf42324e19d21839b025329d1b27d8e96bc9c0cbde0a8d60b23fd0c864f62e3c287461108c6abecf53ac488de1fc16b47d6e
Score

3^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdownloader

behavioral2

guloaderdownloader

behavioral3

behavioral4

behavioral5

behavioral6