guloader | 5f1e0f38892fa826e9ade5fcd69cbbc899c57fd52e9907dfa74347572123f8cd | Triage

Sharing

General

Target

e14e1a5eb00ccb045dcce6e9f3f377b3
Size

7.2MB
Sample

240327-k6cqdsha88
MD5

e14e1a5eb00ccb045dcce6e9f3f377b3
SHA1

d4e08847fd5c2fadefe095e4335a92c9c4654afe
SHA256

5f1e0f38892fa826e9ade5fcd69cbbc899c57fd52e9907dfa74347572123f8cd
SHA512

4bd274156a7e498ad6f2ad05c32b8926ed49f08efaccc36de66c2928078550c3dd09f86a04685d2e65fb6ac5b16ec15dfd7d14811825117e0316274e91dd9811
SSDEEP

1536:b2ZwdtaOViJcQ7rTx8p78FbMu38pyrZS5HgtKtcmB+DTFJXuDbCn30FhwHEoNWd7:b2qt12HkICuspr+tkf8pMDwEQkwq

Score

10^/10

guloader downloader guloader

Malware Config

Extracted

Family

guloader

C2

https://drive.google.com/uc?export=download&id=1Z973IXg9O5dGqPa4plcv-WuBZ8HbRzBe

xor.base64

Targets

- Target
  
  e14e1a5eb00ccb045dcce6e9f3f377b3
- Size
  
  7.2MB
- MD5
  
  e14e1a5eb00ccb045dcce6e9f3f377b3
- SHA1
  
  d4e08847fd5c2fadefe095e4335a92c9c4654afe
- SHA256
  
  5f1e0f38892fa826e9ade5fcd69cbbc899c57fd52e9907dfa74347572123f8cd
- SHA512
  
  4bd274156a7e498ad6f2ad05c32b8926ed49f08efaccc36de66c2928078550c3dd09f86a04685d2e65fb6ac5b16ec15dfd7d14811825117e0316274e91dd9811
- SSDEEP
  
  1536:b2ZwdtaOViJcQ7rTx8p78FbMu38pyrZS5HgtKtcmB+DTFJXuDbCn30FhwHEoNWd7:b2qt12HkICuspr+tkf8pMDwEQkwq
Score

10^/10

guloader downloader guloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Guloader payload
  guloader
- Checks QEMU agent state file
  Checks state file used by QEMU agent, possibly to detect virtualization.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

guloaderdownloaderguloader

behavioral2

guloaderdownloaderguloader