guloader | 55e2ebdd39c3d6a44cec4e15cf60ac7f68ff7cc768d83201930dbbc9fc4773a0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5ed7756bd8f1424e59de908c21ee2c39.bin
Size

711KB
Sample

240307-ccw8yada99
MD5

86cc71a702831029f68f1d3877a1e8ef
SHA1

da3275384d41ebc5838f97289eb32ad2c65acd35
SHA256

55e2ebdd39c3d6a44cec4e15cf60ac7f68ff7cc768d83201930dbbc9fc4773a0
SHA512

0915e2e2b9f89cbaa21a405497a347b0115e4f9c899be6ea07a85a89e2c2d598fc337f75388509764f93720bda61f469e08cef43220b0247b6d684c60de14c77
SSDEEP

12288:gGkp+rF3Cl66S2lwNhON/BUbBc7/ipV0hOETZvwOhU4EH59E/CWJ4I:FUl66LwNh/bBc3TZvwOTEH/7WJf

Score

10^/10

guloader downloader

Malware Config

Targets

- Target
  
  67c0293f1073d9c5e96fba1b67e120f2358dd6ceb3db96ef897ef407b62ae842.exe
- Size
  
  807KB
- MD5
  
  5ed7756bd8f1424e59de908c21ee2c39
- SHA1
  
  eb6f5313d4c608fca506a55ec6dc101156867dab
- SHA256
  
  67c0293f1073d9c5e96fba1b67e120f2358dd6ceb3db96ef897ef407b62ae842
- SHA512
  
  34d3a0ff100e858e750575e691bce27683fbe2ba0beb676143cd504d7d673c48006b4af426465c4029d980119698499ec5eced958d2e12938d80ec95ef6ac0bc
- SSDEEP
  
  12288:CfL8Uif4TcO9GJzdAZ3CbUhgXP4uViXdwg1hA6/rwZkPhCl6NWHx:CwUE44O98mhg/TcjhAGrw6PgUG
Score

10^/10

guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/BgImage.dll
- Size
  
  7KB
- MD5
  
  d6fc4fe3af784af6b43b949260f554d7
- SHA1
  
  52bee341291d25ca54689466bf78bf3d85d7be14
- SHA256
  
  af589f31c72066dfeb7dcf16c0fa80c7a03684164e05bb51065f58665eeca202
- SHA512
  
  a9b289d2b571db3783800854553611cce8ec8442fe606812b64de40c13aec0a0db61774f83d5051845bba289b23c57468176a2d60597228a744dfb7f99695a1f
- SSDEEP
  
  96:8eQk1LFJaO1/radJEaYtv1Zs4lkL8y3A2EN8Cmy3uTe4j7J3kWyy/:trTJa2roqJyA2EN8diuTvje
Score

1^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  9625d5b1754bc4ff29281d415d27a0fd
- SHA1
  
  80e85afc5cccd4c0a3775edbb90595a1a59f5ce0
- SHA256
  
  c2f405d7402f815d0c3fadd9a50f0bbbb1bab9aa38fe347823478a2587299448
- SHA512
  
  dce52b640897c2e8dbfd0a1472d5377fa91fb9cf1aeff62604d014bccbe5b56af1378f173132abeb0edd18c225b9f8f5e3d3e72434aed946661e036c779f165b
- SSDEEP
  
  192:eX24sihno00Wfl97nH6BenXwWobpWBTtvShJ5omi7dJWjOlqSlS:D8QIl972eXqlWBFSt273YOlqz
Score

3^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdownloader

behavioral2

guloaderdownloader

behavioral3

behavioral4

behavioral5

behavioral6