guloader | d5c2c232447f0e59930b03dfb417815c61fa857d6ed61237554a947e598a08f1 | Triage

Sharing

General

Target

d5c2c232447f0e59930b03dfb417815c61fa857d6ed61237554a947e598a08f1.exe
Size

793KB
Sample

240522-cxrtyshe91
MD5

d4f137b8bf2f0d40d41191c8be541821
SHA1

ce050c34d79421adb074de782e0ea52c736c1e86
SHA256

d5c2c232447f0e59930b03dfb417815c61fa857d6ed61237554a947e598a08f1
SHA512

4837970ca6401dba707f15fdc793ba98b9b70af4299b8f9b9f49914b149745f428a85fd15613692e8549cf9d70089c3fb3738d6dc77d1f030b6d68a2e36584dc
SSDEEP

12288:gKdQYPhiCUSyZsnY40EfLBUc4unPZAKCBHVE3L6440vaP/SS/LZi:gJYHUS9F0ETBUqREI6VpSSE

Score

10^/10

guloader downloader

Malware Config

Targets

- Target
  
  d5c2c232447f0e59930b03dfb417815c61fa857d6ed61237554a947e598a08f1.exe
- Size
  
  793KB
- MD5
  
  d4f137b8bf2f0d40d41191c8be541821
- SHA1
  
  ce050c34d79421adb074de782e0ea52c736c1e86
- SHA256
  
  d5c2c232447f0e59930b03dfb417815c61fa857d6ed61237554a947e598a08f1
- SHA512
  
  4837970ca6401dba707f15fdc793ba98b9b70af4299b8f9b9f49914b149745f428a85fd15613692e8549cf9d70089c3fb3738d6dc77d1f030b6d68a2e36584dc
- SSDEEP
  
  12288:gKdQYPhiCUSyZsnY40EfLBUc4unPZAKCBHVE3L6440vaP/SS/LZi:gJYHUS9F0ETBUqREI6VpSSE
Score

10^/10

guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  34442e1e0c2870341df55e1b7b3cccdc
- SHA1
  
  99b2fa21aead4b6ccd8ff2f6d3d3453a51d9c70c
- SHA256
  
  269d232712c86983336badb40b9e55e80052d8389ed095ebf9214964d43b6bb1
- SHA512
  
  4a8c57fb12997438b488b862f3fc9dc0f236e07bb47b2bce6053dcb03ac7ad171842f02ac749f02dda4719c681d186330524cd2953d33cb50854844e74b33d51
- SSDEEP
  
  192:jPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4I:u7VpNo8gmOyRsVc4
Score

3^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdownloader

behavioral2

guloaderdownloader

behavioral3

behavioral4