guloader | 7b8eb350d7ad31f2bc2307a42927e40e6881b06e5f354200adb8cbf959f9377a | Triage

Sharing

General

Target

703313812e7eb2ae5f0fd8e57d3dd125.bin
Size

205KB
Sample

240417-bwlqwabd6y
MD5

badaf1054745f4e9c2237f747de885d4
SHA1

b5596cd7755c53505a25bfcdb7444e83610635e0
SHA256

7b8eb350d7ad31f2bc2307a42927e40e6881b06e5f354200adb8cbf959f9377a
SHA512

118d495dd3204904cbb8f9056844a5d6d6497fae839680e5c608d65740b53d586c27df45d24a385b5c14cd94d443a3df9133e27f6993d93c660105f5b5268c24
SSDEEP

6144:xOkKEqJJ5bqc8dBoUxQPScaowjoRk7xUjzrvDRrdpoj:PO5bpaBoUESHowikC7Djg

Score

10^/10

guloader downloader

Malware Config

Targets

- Target
  
  6e8330fa5453528965d563426bdc2e03d6d36bd860da8aa6499675dcb80f9d35.vbs
- Size
  
  402KB
- MD5
  
  703313812e7eb2ae5f0fd8e57d3dd125
- SHA1
  
  fc8bff9090347b291d37fa579e8edf02c1bfe01e
- SHA256
  
  6e8330fa5453528965d563426bdc2e03d6d36bd860da8aa6499675dcb80f9d35
- SHA512
  
  6aac5aaacee99f99b3fd7cd1f66e3eb7adf28646bcac8fc2af4a2324da2dfdf1303be65effe4f163015b94a2829be7e62b038c58cbd404030ca70c85f5c41a5a
- SSDEEP
  
  6144:ltrc0iH9QXg0Ip+QUJFUWtBVkmqtcECDGk8FD3ZGGBXMV7:lFidQ0AzzfZ
Score

10^/10

guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

guloaderdownloader