guloader | 3b0f3fe33e25fea18ac8fe33c561dcaa711dfb5f1e9fede573c7c1b76a5617cb | Triage

Sharing

General

Target

3b0f3fe33e25fea18ac8fe33c561dcaa711dfb5f1e9fede573c7c1b76a5617cb.exe
Size

476KB
Sample

240523-bqqgwagc8s
MD5

992095bdc04df2604858b99e80c8d2ec
SHA1

d4004b6b5dacf8ece15f09e74ce7eb9b3cecc4d4
SHA256

3b0f3fe33e25fea18ac8fe33c561dcaa711dfb5f1e9fede573c7c1b76a5617cb
SHA512

3d96c6d499811e8aaf308660b71c1239c4998bbed6d7d4a1b29bf2c47434683286f954b30d569fef8d8512935212770b094b7bffea2714a7254cfe24866f2da4
SSDEEP

12288:8M2yMkxqt160wyP7at1BIHHgWuutYaNSohL:fMkxqtY0wztVutDhZ

Score

10^/10

guloader downloader execution

Malware Config

Targets

- Target
  
  3b0f3fe33e25fea18ac8fe33c561dcaa711dfb5f1e9fede573c7c1b76a5617cb.exe
- Size
  
  476KB
- MD5
  
  992095bdc04df2604858b99e80c8d2ec
- SHA1
  
  d4004b6b5dacf8ece15f09e74ce7eb9b3cecc4d4
- SHA256
  
  3b0f3fe33e25fea18ac8fe33c561dcaa711dfb5f1e9fede573c7c1b76a5617cb
- SHA512
  
  3d96c6d499811e8aaf308660b71c1239c4998bbed6d7d4a1b29bf2c47434683286f954b30d569fef8d8512935212770b094b7bffea2714a7254cfe24866f2da4
- SSDEEP
  
  12288:8M2yMkxqt160wyP7at1BIHHgWuutYaNSohL:fMkxqtY0wztVutDhZ
Score

10^/10

execution guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  ac0f93b2dec82e9579bff14c8572a6c8
- SHA1
  
  6460244317cbb77e342adb3561ec3acb496c84d5
- SHA256
  
  3aa8e0abadefea2de58281198acfe48713a1d5b43aea5619f563cea098e9fd34
- SHA512
  
  8055a6af150c45547927499f9cbf645d7f39c8e4f9caff4726fd711d2401abca01a79837095e5752b9f57b06446973ea6506796f2223bdb0179243d6e0575bd2
- SSDEEP
  
  96:5OBtEB2flLkatAthPZJoi9jpfW/er6cBbcB/NFyVOHd0+u3wEX:5hB2flXAVJtjf6cBbcB/N8Ved0PJ
Score

3^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

guloaderdownloaderexecution

behavioral3

behavioral4