guloader | 1f7f8fa2a0d1850a1753edd61fc2ddfd67031a15b65929469c044dc8c751de03 | Triage

Sharing

General

Target

Cumacean.exe
Size

234KB
Sample

240510-jgtryaeb32
MD5

d9ad627096015371e1d4db92375bc6ff
SHA1

c625bbef9ca680e05e6d426ef1417086d059cd94
SHA256

1f7f8fa2a0d1850a1753edd61fc2ddfd67031a15b65929469c044dc8c751de03
SHA512

9573885810921efacaa924e48069cd04adbc0f1003a94318734233a570c495d91f6e1dc6ab02e078ebd17cdceb1a616636f6799dc737aae281e9cd4681df6aa3
SSDEEP

6144:Ek62PBHbekcwi+GGKPNYLsJbRGryWCP3fI/C:BpaGgvfRRGrK4a

Score

10^/10

guloader downloader

Malware Config

Targets

- Target
  
  Cumacean.exe
- Size
  
  234KB
- MD5
  
  d9ad627096015371e1d4db92375bc6ff
- SHA1
  
  c625bbef9ca680e05e6d426ef1417086d059cd94
- SHA256
  
  1f7f8fa2a0d1850a1753edd61fc2ddfd67031a15b65929469c044dc8c751de03
- SHA512
  
  9573885810921efacaa924e48069cd04adbc0f1003a94318734233a570c495d91f6e1dc6ab02e078ebd17cdceb1a616636f6799dc737aae281e9cd4681df6aa3
- SSDEEP
  
  6144:Ek62PBHbekcwi+GGKPNYLsJbRGryWCP3fI/C:BpaGgvfRRGrK4a
Score

10^/10

guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/Banner.dll
- Size
  
  3KB
- MD5
  
  ab67c38251627bdd59af50c52deda52c
- SHA1
  
  2eaf5464a294a5c5aa77ae757893be6f59e0e087
- SHA256
  
  37f3514571476a739a26d86bf0bfb7f41f7a56fc30a9bf43f9381d0eb4df22d6
- SHA512
  
  b9af9182d4f15cfb8547fc93ecd17aa95c2c65fe45b41c8fdb25752f54bfce397b371dae3a31e15f697047f8037c34e88daa83867d96e93cade57737c9b35afd
Score

1^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  55f18cafe28167995629fdeae4f07bdf
- SHA1
  
  a6bd9310f4408c86149993d1e8833d35dd16bb23
- SHA256
  
  e32b35cde7c6e2c967445de92884684db7fda506ea52b9aaa74c1a33dd2fdfe6
- SHA512
  
  113e7a9e1958bea6a045a7120adf6c667880b9b1d90ff7790e2004f3954f9358a5e44ceb6be0c3b32ff8e6a06878a0f22be7206d0b5a6c5392ca30b8c3bff8ce
- SSDEEP
  
  192:sj9rQDenC9VrcK7REgSWOprANupQYLRszDDH/d9CWlXo7U6YV:qJQEaVAK7R9SfpjpQYLRszfH/d9CWB1j
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  f294cfefcf2f306696944427ef551de5
- SHA1
  
  6ae91bc7706e0dc0e882f2648277ffc9437a5f8b
- SHA256
  
  b170d492cedc29719d27092c29ae1c71bc0b4d9c7df5707b44ac748bc394967f
- SHA512
  
  da8b57a3b9256aa6f5e8a33399eea9fb154f9463dfcb297b67419f540049cca9450ce81fe5d3dffad3d8708f300c9453d64add8e81e8dd48b6bae0f1053f116e
- SSDEEP
  
  96:jWIKf21CuHq37MPuQ7rA9auHav8ZwK03cONByZyImHcAqgvB05CZnthgve9QIpKd:jW5Om342wrA5apH3/NYmciACZUApU
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  6b174eb4d11c11ad5d8c8653f09e60c3
- SHA1
  
  222b75fa7c03707d8664817a2fd7db142f33867b
- SHA256
  
  b4ec96eda12eb0cbd593d4a65bb9ebb9055244f16a19dc976ba57bc552763419
- SHA512
  
  3d847f863b367b7822a3a2422846bb15d5f68408af937224e19cf0f5fed8632738701d42d1f3a251b9ed69b3ce1a1698314698ac22a14ef38504415daf5aca09
- SSDEEP
  
  96:znYPt4Vl/7Lo1UBrob9ljNEUgD7cyuM1x9XkraK2A2KA4e3VUxQvLL1mKZ:7YPt4Vlw1Iul5J8T1vK20m3VUaLL1l
Score

3^/10
behavioral10 behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdownloader

behavioral2

guloaderdownloader

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10