guloader | bc110b120c65ddc0fb8edcd0acfc7083701769f6a3531dc7d53e00fd6f26993d | Triage

Sharing

General

Target

bc110b120c65ddc0fb8edcd0acfc7083701769f6a3531dc7d53e00fd6f26993d.exe
Size

564KB
Sample

240419-cazw2see6z
MD5

74c8e10f46a216147cc067dadfffe3e6
SHA1

ed325d17c62cd86d47582c9f6e8da6e9794dae2b
SHA256

bc110b120c65ddc0fb8edcd0acfc7083701769f6a3531dc7d53e00fd6f26993d
SHA512

881d765e13fd2bfe45a580e7672ecc5766708fcf6c59c0a893e1299db489e37934dd3e056f2a295bb59dc17299d959a3d0567143300afcfb47a607222c47462b
SSDEEP

12288:r9HJGvMeqQ+ArfWv1t/xKXkJkDvzWUpcviV/:r9HJMGCDW7/xAkarJV/

Score

10^/10

guloader downloader

Malware Config

Targets

- Target
  
  bc110b120c65ddc0fb8edcd0acfc7083701769f6a3531dc7d53e00fd6f26993d.exe
- Size
  
  564KB
- MD5
  
  74c8e10f46a216147cc067dadfffe3e6
- SHA1
  
  ed325d17c62cd86d47582c9f6e8da6e9794dae2b
- SHA256
  
  bc110b120c65ddc0fb8edcd0acfc7083701769f6a3531dc7d53e00fd6f26993d
- SHA512
  
  881d765e13fd2bfe45a580e7672ecc5766708fcf6c59c0a893e1299db489e37934dd3e056f2a295bb59dc17299d959a3d0567143300afcfb47a607222c47462b
- SSDEEP
  
  12288:r9HJGvMeqQ+ArfWv1t/xKXkJkDvzWUpcviV/:r9HJMGCDW7/xAkarJV/
Score

10^/10

guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/Banner.dll
- Size
  
  4KB
- MD5
  
  aea3ac67fa68fd3f00edfbf9b43a2770
- SHA1
  
  aa59d1a4311c42b612ee66a027f224261beebbc3
- SHA256
  
  f4530c734e3ce6253ffa6e5d755d61e4709ab9fc3b0eee3d4cdb89ec89c48bd2
- SHA512
  
  ffb6abc624d50ae8bc9c83ff518cb532dfd076f107077dceaf0e23d11c186a18671a5f538270be8b0b986e41ad1981a3606995046a6ee7b6b64a33c83ed72df9
Score

1^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/BgImage.dll
- Size
  
  7KB
- MD5
  
  c430c0a7ef0ac8f80004de7f7898bced
- SHA1
  
  1f698e988bcc19d280a70c3283ff2816bb0db465
- SHA256
  
  dd4e24bcee7e9e952f1c7cda7532c0b851b87577e1b679380808f22d875c7c96
- SHA512
  
  3fa4fe59cadb580ab8b452ff7c2dd3802f8f6fe920dee15c81492c0c324ab991471de01fdb6f3ac07e336a90755243a1ef1de1bb5dd1c51cb70918e7192b46b4
- SSDEEP
  
  96:8eZ0AKTIfv7QCUsthvNL85s4lk38Eb3CDfvEh8uLzqkVnLiEQjJ3KxkP:tXBfjbUA/85q3wEh8uLmcLpmP
Score

1^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  960a5c48e25cf2bca332e74e11d825c9
- SHA1
  
  da35c6816ace5daf4c6c1d57b93b09a82ecdc876
- SHA256
  
  484f8e9f194ed9016274ef3672b2c52ed5f574fb71d3884edf3c222b758a75a2
- SHA512
  
  cc450179e2d0d56aee2ccf8163d3882978c4e9c1aa3d3a95875fe9ba9831e07ddfd377111dc67f801fa53b6f468a418f086f1de7c71e0a5b634e1ae2a67cd3da
- SSDEEP
  
  192:jVL7iZJX76BiqsO7+UZEw+RlthVEoC0O3XB:g7ssOpZs/hS3X
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  8ced0b79f7b9033d0795aab3be6d627c
- SHA1
  
  90c2043ffccd068f407c624c50ac7b795db1e132
- SHA256
  
  495bddc0be6e18e981db82fab9d1de55c7e269ab4ec3ff43035193bc017a307b
- SHA512
  
  e38f63a342729f5ff6d0db607d7877b65c33ed19e2b5a97dd868ece8c2a3e829d4153624943444be2f0de885496161d54c1da9594bdc0a5a0bcc8b727e2facb0
- SSDEEP
  
  96:3Rp41CMj95rKhkfL5RkEdKkcxM2DjDf3GEEE9v5E9av+Yx4indY7ndS27gA:3RujesS4HREEK5MYxDdqn420
Score

3^/10
behavioral10 behavioral9
- Target
  
  Bulklastskibet/Kongedoemmet/Doorboy144/Klippevggens/Banderol191.deb
- Size
  
  3KB
- MD5
  
  1d08dec8dde24cb16f919aa4c280b085
- SHA1
  
  82232fddf599ebd278050ef8a14388ffb8366397
- SHA256
  
  d586b372746c68e0bff05f75c09a759175aff7949a7ebc9d098d311288ab74bd
- SHA512
  
  133621bc48c8a18d792caf2673fa4da1f4dd5ac7dac85241be6ffc64726746103f1c1b001bd6017c0d85d1cc1e31cf984f22f1d037fd17392768d4db530c5b43
Score

3^/10
behavioral11 behavioral12

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

guloaderdownloader

behavioral2

guloaderdownloader

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12