guloader | db9151a29924eaa6b7fd1f9395d256285deb924445e26cf383ed84722debedef | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

blood Gas ...er.vbs

windows7-x64

blood Gas ...er.vbs

windows10-2004-x64

Sharing

General

Target

blood Gas analyzer tender.vbs
Size

19KB
Sample

240604-gtq6gaff2t
MD5

ff267c328cb452fecf9126af29565e92
SHA1

2b64e8e45343ee2adb2cb9f51039da909fa912de
SHA256

db9151a29924eaa6b7fd1f9395d256285deb924445e26cf383ed84722debedef
SHA512

9164f8b9147ec53975cf7a8d694cf04cf82ac430d3c23efc48bc574d3590e1908649c5b17b508fa94ceed08ef7d89310a68b366624a3c7c5c5332b5a7afd33ea
SSDEEP

192:yMgigjO6uXXVex0J/8NrVmb1SWyDG7+8gHkvOUfvnFn61qtHoLg3TaPK:yMgiquXXsxWOr4GDw+PHKOyJrDwK

Score

10^/10

guloader downloader

Static task

static1

Behavioral task

behavioral1

Sample

blood Gas analyzer tender.vbs

Resource

win7-20240221-en

guloader downloader

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

blood Gas analyzer tender.vbs

Resource

win10v2004-20240508-en

guloader downloader

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  blood Gas analyzer tender.vbs
- Size
  
  19KB
- MD5
  
  ff267c328cb452fecf9126af29565e92
- SHA1
  
  2b64e8e45343ee2adb2cb9f51039da909fa912de
- SHA256
  
  db9151a29924eaa6b7fd1f9395d256285deb924445e26cf383ed84722debedef
- SHA512
  
  9164f8b9147ec53975cf7a8d694cf04cf82ac430d3c23efc48bc574d3590e1908649c5b17b508fa94ceed08ef7d89310a68b366624a3c7c5c5332b5a7afd33ea
- SSDEEP
  
  192:yMgigjO6uXXVex0J/8NrVmb1SWyDG7+8gHkvOUfvnFn61qtHoLg3TaPK:yMgiquXXsxWOr4GDw+PHKOyJrDwK
Score

10^/10

guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdownloader

behavioral2

guloaderdownloader

© 2018-2025

Terms | Privacy