guloader | 8c198e0fd958f00a38efa3cc347de8ebd7e464b63eec417988032c80832d9014 | Triage

Sharing

General

Target

x.exe
Size

543KB
Sample

240426-g2xyzsaf4w
MD5

71596eff0cd3188f1b5fa6ed4c4d3a8f
SHA1

a606e3570367872ef2932c91c1f646e077fd88d2
SHA256

8c198e0fd958f00a38efa3cc347de8ebd7e464b63eec417988032c80832d9014
SHA512

d36faf5a01334ee1f1e52064f9c269b059efe3badb4d110a3fb8baadf6d797c91308b05121fe5b65fcb38d7ce630844825efc54c44b50cb70e10d9b8381de9a0
SSDEEP

6144:LDpoek7OrisQ88lEf74pvF5KPReXAhz9m2nWbt1mi0Y+Kqam3+tvW:47YvElF5+DhYnXmiGamOtvW

Score

10^/10

guloader downloader persistence

Malware Config

Targets

- Target
  
  x.exe
- Size
  
  543KB
- MD5
  
  71596eff0cd3188f1b5fa6ed4c4d3a8f
- SHA1
  
  a606e3570367872ef2932c91c1f646e077fd88d2
- SHA256
  
  8c198e0fd958f00a38efa3cc347de8ebd7e464b63eec417988032c80832d9014
- SHA512
  
  d36faf5a01334ee1f1e52064f9c269b059efe3badb4d110a3fb8baadf6d797c91308b05121fe5b65fcb38d7ce630844825efc54c44b50cb70e10d9b8381de9a0
- SSDEEP
  
  6144:LDpoek7OrisQ88lEf74pvF5KPReXAhz9m2nWbt1mi0Y+Kqam3+tvW:47YvElF5+DhYnXmiGamOtvW
Score

10^/10

guloader downloader persistence
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Adds Run key to start application
  persistence
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

guloaderdownloaderpersistence

behavioral2