guloader | 52a3b9d85d38b23a8d6579d142faee2fbcff488be005edeab4257fdf45ea336f | Triage

Sharing

General

Target

19042024_1616_18042024_Ofertowe PLGPPWCZ462346234626236262.7z
Size

3KB
Sample

240419-j6hqzade7s
MD5

7085f04e4e5476adeca7ece086ebecec
SHA1

9c6654a0812b08fd8c8d7ca141e2f02f4ca06f7b
SHA256

52a3b9d85d38b23a8d6579d142faee2fbcff488be005edeab4257fdf45ea336f
SHA512

04a8ed6656872fd8ca672323bfc723bde27d7bc0bfa7dc6ea52f3759b44730aa595915a631a87c8367838f6ed3fe17adc8f87e27fc12dadf26196d9e42679582

Score

10^/10

guloader downloader persistence

Malware Config

Targets

- Target
  
  Ofertowe PLGPPWCZ462346234626236262.bat
- Size
  
  5KB
- MD5
  
  bfb371f238afb4c3f000e661b0053e80
- SHA1
  
  0434e572a730a6ef8d41a40ae2b250887ae308f8
- SHA256
  
  a3dd803c509bfdca75f35051a79d3bdf412ffdc9f5e35160102efef048f67569
- SHA512
  
  2ba4d4628251db8a578ecc70247381ec5bfb4f0c313dee078fe5a5dbbd9ae0d0bfe62e5a8463d6bb58e5555f7a3da3e4db0ef1cf15d536b1275b7d63caec80c9
- SSDEEP
  
  96:l4x/ykj+ivcdHhViqzkq3RuWfceU+3iqR093fhrVRd/h7/x7qGbXca:liZj+QcdFApWEeU+SqR093fhHn/xVXca
Score

10^/10

guloader downloader persistence
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Blocklisted process makes network request
- Adds Run key to start application
  persistence
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

guloaderdownloaderpersistence

behavioral2

guloaderdownloaderpersistence