guloader | 192d9abc415532198f10cd634dce41f0d32516c7e6c341f7acc6be443a713417 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

192d9abc415532198f10cd634dce41f0d32516c7e6c341f7acc6be443a713417
Size

483KB
Sample

240504-zq6e4aba6y
MD5

da5be8ce7a590433859e71369f235891
SHA1

a43fc56c5367added8ca79d56a12ec1a7801c8ad
SHA256

192d9abc415532198f10cd634dce41f0d32516c7e6c341f7acc6be443a713417
SHA512

d626733126e5ca31f2da6aff254735ce09fba9fb761f8cfc1fa25166531f5049d99ae5af603c23fb36387d92680994ef4594a0f546f2d66a7cab1205555eb2c8
SSDEEP

12288:6gEdb/PAcCkw2YvCDH1vmI5wkHmJ2Jx7bx:odUv2VvmonmJ47bx

Score

10^/10

guloader downloader

Malware Config

Targets

- Target
  
  192d9abc415532198f10cd634dce41f0d32516c7e6c341f7acc6be443a713417
- Size
  
  483KB
- MD5
  
  da5be8ce7a590433859e71369f235891
- SHA1
  
  a43fc56c5367added8ca79d56a12ec1a7801c8ad
- SHA256
  
  192d9abc415532198f10cd634dce41f0d32516c7e6c341f7acc6be443a713417
- SHA512
  
  d626733126e5ca31f2da6aff254735ce09fba9fb761f8cfc1fa25166531f5049d99ae5af603c23fb36387d92680994ef4594a0f546f2d66a7cab1205555eb2c8
- SSDEEP
  
  12288:6gEdb/PAcCkw2YvCDH1vmI5wkHmJ2Jx7bx:odUv2VvmonmJ47bx
Score

10^/10

guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  fc3772787eb239ef4d0399680dcc4343
- SHA1
  
  db2fa99ec967178cd8057a14a428a8439a961a73
- SHA256
  
  9b93c61c9d63ef8ec80892cc0e4a0877966dca9b0c3eb85555cebd2ddf4d6eed
- SHA512
  
  79e491ca4591a5da70116114b7fbb66ee15a0532386035e980c9dfe7afb59b1f9d9c758891e25bfb45c36b07afd3e171bac37a86c887387ef0e80b1eaf296c89
- SSDEEP
  
  192:eS24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35OloSl:S8QIl975eXqlWBrz7YLOlo
Score

3^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdownloader

behavioral2

guloaderdownloader

behavioral3

behavioral4