guloader | 26a32b71ef0e9ab0e40eea7e0e7994767588a87ec1398eab32aa28dd84ae6e90

Sharing

Copy URL

Twitter E-mail

General

Target

20230970 - SF PARQUET SERVICE 25.04.2024.7z
Size

413KB
Sample

240425-pgldfsae8x
MD5

e75236cf63c526744d10cc129df9cf67
SHA1

e31f3ed282cfcb97bd09e93d0ef897a94b731b41
SHA256

26a32b71ef0e9ab0e40eea7e0e7994767588a87ec1398eab32aa28dd84ae6e90
SHA512

360e8aca7d1d7c2145e94d0587ed5643aaceeab51402a93e61b1417bb3d32d44cc7f945e55e271be4d169c326e35597f87773c33f57f44fe20fcecd9572ffb41
SSDEEP

6144:Y4rcpq7JlEn1vFHKzRejAht9m2rWbtNmi2Y+Kq4m3+twy:zOAJlEBFHUdhydbmik4mOtwy

Score

10^/10

Malware Config

Targets

- Target
  
  20230970 - SF PARQUET SERVICE 25.04.2024.7z
- Size
  
  413KB
- MD5
  
  e75236cf63c526744d10cc129df9cf67
- SHA1
  
  e31f3ed282cfcb97bd09e93d0ef897a94b731b41
- SHA256
  
  26a32b71ef0e9ab0e40eea7e0e7994767588a87ec1398eab32aa28dd84ae6e90
- SHA512
  
  360e8aca7d1d7c2145e94d0587ed5643aaceeab51402a93e61b1417bb3d32d44cc7f945e55e271be4d169c326e35597f87773c33f57f44fe20fcecd9572ffb41
- SSDEEP
  
  6144:Y4rcpq7JlEn1vFHKzRejAht9m2rWbtNmi2Y+Kq4m3+twy:zOAJlEBFHUdhydbmik4mOtwy
Score

1^/10
behavioral1 behavioral2
- Target
  
  20230970 - SF PARQUET SERVICE 25.04.2024.exe
- Size
  
  543KB
- MD5
  
  71596eff0cd3188f1b5fa6ed4c4d3a8f
- SHA1
  
  a606e3570367872ef2932c91c1f646e077fd88d2
- SHA256
  
  8c198e0fd958f00a38efa3cc347de8ebd7e464b63eec417988032c80832d9014
- SHA512
  
  d36faf5a01334ee1f1e52064f9c269b059efe3badb4d110a3fb8baadf6d797c91308b05121fe5b65fcb38d7ce630844825efc54c44b50cb70e10d9b8381de9a0
- SSDEEP
  
  6144:LDpoek7OrisQ88lEf74pvF5KPReXAhz9m2nWbt1mi0Y+Kqam3+tvW:47YvElF5+DhYnXmiGamOtvW
Score

10^/10

guloader downloader persistence
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Adds Run key to start application
  persistence
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral3 behavioral4
- Target
  
  Begavelsens/befolkningstallets.tnd
- Size
  
  2KB
- MD5
  
  c2d8cab2df0c5184a51cad4f321a64cc
- SHA1
  
  2068ec7cbee9bb22651b84cdfdb5258b62ea95ee
- SHA256
  
  21dfa4eabff3ca8cf50f2ad48ab42eb1616b76dcbcdae86705a4ffc204a36258
- SHA512
  
  0d521df41c6c415faa84244f153cfd653574356f21ae55a9cdbc24b7a8825454a661483a1405bb3ae71f067c7bfe7d1a4e729afc23a5346c36a524329a28d37b
Score

3^/10
behavioral5 behavioral6
- Target
  
  Begavelsens/lerret.txt
- Size
  
  409B
- MD5
  
  16234c20d3324265bb707c0da0a316f8
- SHA1
  
  994abb6985951ce456af1468c3a74bbe53d2348a
- SHA256
  
  75f66c61f6ae6c8e75466d750d71db4385abbbe93c9c5677d9df74b5f741f99c
- SHA512
  
  b50103f5820889fb40a397a727ae64fbb91a1d02c6ca341b00fae3ef11fcc02c858f24caf18b35991d4197789d3edd3c068842a0e3d2f9b1293e35e8fd5ad733
Score

1^/10
behavioral7 behavioral8
- Target
  
  Begavelsens/underholdshjlp.sca
- Size
  
  2KB
- MD5
  
  90a8f9376b587851ce0cf60bd203101f
- SHA1
  
  5833830004e7017da574a4f3c69d27874c28f400
- SHA256
  
  770970bf93905583e7305f1e80755c0582d0b01009bcbb8cea0fa6bd28e9d645
- SHA512
  
  98fa1dae524d113e1736ad371ac7c8ff3fdcd959b4612b714a57bd36f180c42430cd199d1b98a48529b322ced110a68c7f80e18252d2a1cb4bab08af58ebe5d1
Score

3^/10
behavioral10 behavioral9
- Target
  
  Tubulidentate/Overbakes.Tid
- Size
  
  57KB
- MD5
  
  fc5bf28700c2750eab9f1a5821380fb9
- SHA1
  
  e211c07ce35ed9f19c4519177909975b72d94b8c
- SHA256
  
  d0fa547b89ded83f6cfe6469b984c67297f6c5f835fef93c00afd3a88cc68b7e
- SHA512
  
  7c2db5396b8625d8b533d71fc892fcc481d7c404f3debbb4c5bb586ddf2a43f72775a522d39bd920891760edb0151bc138e69ca605c0b167f91f0085899e4eaa
- SSDEEP
  
  1536:aQ2zGynRmv41WpwQPPjY4gqgAxJltCzjBRQ83YoUR8JTqMgXm:anz/9YQqDjvXR8JTqDm
Score

8^/10

persistence
- Modifies Installed Components in the registry
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral11 behavioral12
- Target
  
  Tubulidentate/Paaviselige.Hom
- Size
  
  322KB
- MD5
  
  bbfaf03d5a947e5c15937d214e547185
- SHA1
  
  e9fcd70509d1c3e06ccd862b5b41bd754acdd495
- SHA256
  
  dce96a292759becf49f06a0fbeb7181d2f648396ebf0ad246896de2117bb1023
- SHA512
  
  b73bdd0f85a3bf59b6b223613042d3ec38e771289153d57e19181a6254438a79830c518419e82b17dc3cf236568a4fd799beda7e0cc82fc9f2e7f57af1eedf3e
- SSDEEP
  
  6144:ym9lRwTSCQ1NRajsvjCtzMcdIlfYpIV/0wdtRcdnB7iCX8+1YSq:yWlRwh0NRzeIcdwfWIV/XG8A8AYn
Score

3^/10
behavioral13 behavioral14

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

Guloader,Cloudeye

Adds Run key to start application

Suspicious use of NtCreateThreadExHideFromDebugger

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

Modifies Installed Components in the registry

Enumerates connected drives

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14