guloader | 72b1c85eede5ca8c04c1d472cd2ea3a86e7442c4933105c50fb0484d1f4c5ad0 | Triage

Sharing

General

Target

72b1c85eede5ca8c04c1d472cd2ea3a86e7442c4933105c50fb0484d1f4c5ad0.rar
Size

1.2MB
Sample

240523-b2ws2agh7z
MD5

1826a5e6bffabb043751e2cd02e22582
SHA1

4c0a6a2c3fbc228217a980fc906ffde32150e9b3
SHA256

72b1c85eede5ca8c04c1d472cd2ea3a86e7442c4933105c50fb0484d1f4c5ad0
SHA512

4e5e12a9dd3c8bc4ac113aa011dbb6945c21dd9d7097c2cb1a14c8094f150d980c3ab4266ed40b109d22df1ce1afc24de9c5549e9922ee289267ebbb00e9f650
SSDEEP

24576:0qk2XE94nLTBq3NPVgcYgoHeRAYbLoXjOivHGLv9gf38N8MbqL3G8FsbNRgP:EgX2VVHYeKYgTMLvOf38N8qaXc0

Score

10^/10

guloader downloader

Malware Config

Targets

- Target
  
  Telescribe.exe
- Size
  
  1.3MB
- MD5
  
  ee518fda96d7cb89bad8783aeab7e6fa
- SHA1
  
  5dced89b75ece47f8e8c0b19082ed97448f83964
- SHA256
  
  cd25f94f8e22e1ca4f4bb2f65a4d904aaa01b57445284b1cf5ea9572873d2b4a
- SHA512
  
  b92c661cc02640f4cbc1641b78005d84d176305af07caa92cb26441b0fcb831c31c79db7b5af69d2e331bf5ea1d28f9aa790fc7127cb58fae2224b111275f13b
- SSDEEP
  
  24576:d9Q0lIVTRJLpdCW9zTIvwS60x6Hcy/U77VaaG8uosbrDqa1VHWTcSdmWDxbLn/oY:rQ0lsRdpdBTIYS6VDM77YoOrDX1l2xbv
Score

10^/10

guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  b8992e497d57001ddf100f9c397fcef5
- SHA1
  
  e26ddf101a2ec5027975d2909306457c6f61cfbd
- SHA256
  
  98bcd1dd88642f4dd36a300c76ebb1ddfbbbc5bfc7e3b6d7435dc6d6e030c13b
- SHA512
  
  8823b1904dccfaf031068102cb1def7958a057f49ff369f0e061f1b4db2090021aa620bb8442a2a6ac9355bb74ee54371dc2599c20dc723755a46ede81533a3c
- SSDEEP
  
  192:PPtkumJX7zB22kGwfy0mtVgkCPOs81un:E702k5qpds8Qn
Score

3^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdownloader

behavioral2

guloaderdownloader

behavioral3

behavioral4