guloader | 8ebbd869bb0023d3a9ce231469baa84354580efc5c6f969263df0417b5b321aa | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

SYN-M021012010530.bat

windows7-x64

SYN-M021012010530.bat

windows10-2004-x64

Sharing

General

Target

31052024_1626_31052024_SYN-M021012010530.rar
Size

4KB
Sample

240531-tx1wasef69
MD5

c5ff97df7ceacce93a14a4186395e710
SHA1

3b3673b9b3cd9389f2316c81881759691904e955
SHA256

8ebbd869bb0023d3a9ce231469baa84354580efc5c6f969263df0417b5b321aa
SHA512

416853221c19f8eaf4b7b20d488ff5b29a7bfa76d0e021e8ce1782d4db9aa12a6515c849c30d4ea8dcb2b0b9a8ea9c69e403bb8fb01d6cfeadd884a2c10a1872
SSDEEP

96:0ZNpwQwSRifvX1NcMwTL7QkkgWgMrkRKM+tSP7eP/bQXUrnYZvT:0ZNpfRiFNchL7xOgSZMiSTeHckrYhT

Score

10^/10

guloader downloader execution

Static task

static1

Behavioral task

behavioral1

Sample

SYN-M021012010530.bat

Resource

win7-20240221-en

guloader downloader execution

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

SYN-M021012010530.bat

Resource

win10v2004-20240426-en

guloader downloader execution

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  SYN-M021012010530.bat
- Size
  
  6KB
- MD5
  
  01553a7a340cc74a5f1773cae16cebe6
- SHA1
  
  e7712f5d585e5fe9ac92922b55a79a16540aa7e1
- SHA256
  
  99f975270c9c758a4ee7600eb37843e77510a636759ee656c4953268ef8b9d88
- SHA512
  
  c6135a2a62a65ec8d22cee340b095dedb1e0c260d7c506bd35167415fe75ebb66dc83cf2d2159b33677012255b9bdc41969fd7c2648c477858c0ea8c588de894
- SSDEEP
  
  96:b7ge1uD/1+adiF2aYjsAhmbo/H5lAiDYShyrO0MuzC1jYRGbsz39qdUt:Xu+OiF2aYjsAhFFYfO0TzC1jY8bjY
Score

10^/10

guloader downloader execution
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdownloaderexecution

behavioral2

guloaderdownloaderexecution

© 2018-2025

Terms | Privacy