guloader | b28544713d74e229e251d11b415a48e118c75015a520f16c21005e4d78a22d5f | Triage

Sharing

General

Target

2024041342836038.iso
Size

846KB
Sample

240416-h68rqacb84
MD5

53ff37a6a2c349401d844564e6c08681
SHA1

6b95fb3941f3beafaf660829f8045b1a0153c2f4
SHA256

b28544713d74e229e251d11b415a48e118c75015a520f16c21005e4d78a22d5f
SHA512

ffa3ea7ac83500723898f5c3be2db51908bfe5e5af50065b78fe7e4da3f09146d86078ff9d179791303c3f5bda1fa8e5aeff40062aff733ba4dee20c2d4be3ba
SSDEEP

12288:1OyBItc6c4ASOSjM0rp7Z3lYFNiooPsND1kz7FgCa2+mSP2iYZ367TCIhhDu:vW2zuOSjrrpxG9oETe7iCa2LUnCyh

Score

10^/10

guloader downloader persistence

Malware Config

Targets

- Target
  
  2024041342836038.exe
- Size
  
  785KB
- MD5
  
  2c430d35e36d912bda726e384615c0e7
- SHA1
  
  84793fbd7b355eae708f3fbb654b6f67c468effb
- SHA256
  
  c5e3dc39412f2f8efb97c3c6bcdc235727caf646ee2ac7c23e77c11ce0783e15
- SHA512
  
  5fe11156b4c016272941a92deb0ceacc0db13677bc14e2353b118fe9fcb58f7f2f609dd776f5cee2e99b4e7ad29b7dcc0fc183ceb9addf26c0348b2be87caca1
- SSDEEP
  
  12288:TOyBItc6c4ASOSjM0rp7Z3lYFNiooPsND1kz7FgCa2+mSP2iYZ367TCIhhDu:5W2zuOSjrrpxG9oETe7iCa2LUnCyh
Score

10^/10

guloader downloader persistence
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/AdvSplash.dll
- Size
  
  5KB
- MD5
  
  a5fd5bb479150881ed350f9fa758bb15
- SHA1
  
  ffa55bb6a77fca54eccfc1badc872ebde69b67be
- SHA256
  
  f4b7bd6ffc472858b786635fc3d2c053025c6ef8e121894785a2f997ad76e16b
- SHA512
  
  d0b4d17dc35253f6b355bfd8910123196f91711a19f888c12b997a84a8025b1bc7ed9913278191c361f7a268924f369877f2d068b8d6a889174a866c5d0c1e12
- SSDEEP
  
  96:CqNXqwK188CgAtXvZBkjDf0yf9ysrtWpTwol:CAqrg1XvZB6kYtWpT
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/UserInfo.dll
- Size
  
  4KB
- MD5
  
  5cf209df87b3c5e455b5b2b326438ad9
- SHA1
  
  47e8dc726c0a49c0b53a1fba4e03af4bccda003a
- SHA256
  
  b665b4fd4c9de7a4ee54c720f5b607ca0744c9c69990a741428b469388862f29
- SHA512
  
  48e71c3a463e59cd7367be708d4e964a6f766ea7258e3088cef7a6550ed34223967e552f3c2d22719dcd86752b5ba165cc54a78a90be44f6725a26dde15d820a
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  3eb4cd50dcb9f5981f5408578cb7fb70
- SHA1
  
  13b38cc104ba6ee22dc4dfa6e480e36587f4bc71
- SHA256
  
  1c2f19e57dc72587aa00800a498c5f581b7d6761dc13b24bcf287ea7bd5ca2bf
- SHA512
  
  5a0c9d28df7a77e157046dce876282c48f434a441ee34e12b88f55be31be536eff676f580adbe4586da3f1519f94b5793ccbb3068b4b009eee286c0c5135d324
- SSDEEP
  
  96:+7GUxNkO6GR0t9GKKr1Zd8NHYVVHp4dEeY3kRnHdMqqyVgNv3e:QXhHR0aTQN4gRHdMqJVgNG
Score

3^/10
behavioral7 behavioral8
- Target
  
  Matar/infrastrukturens.com
- Size
  
  1KB
- MD5
  
  22d3d8fb17ec7e42d2fe112f404d75e6
- SHA1
  
  3edef27c92e957ff57a79ad97b5ab1a67543dc2c
- SHA256
  
  5f2e0b84010e8047edd93484d56ab8e8251e1ba346957eb8063d30b66ca293b6
- SHA512
  
  4b64f54a2192a99f53c7a73434557dd2f4819faf9afecd69bd25145a3ccc9de70fac4fbbc1f37709ff9f36da90ed4cae781fca7b5705d32937bd5aea3db54739
Score

1^/10
behavioral10 behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

guloaderdownloaderpersistence

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10