guloader | 950908d3fcdebad1d68f28d7e05251fe94f15746e2105eb76335dabc3a1078a6 | Triage

Sharing

General

Target

SKGHM_PE_757583588358839538539599593BeoersKnucklehead_1.7z
Size

47KB
Sample

240607-vs4xtsbd6x
MD5

81154b8137816008b1ef4beaad668a4b
SHA1

8c634ea54f6880b953eea7666fda31a2e4d90e35
SHA256

950908d3fcdebad1d68f28d7e05251fe94f15746e2105eb76335dabc3a1078a6
SHA512

63ab0647d081c0993e5cb1ce94dfbed695ae03911f08e8772def686adb9af3b57cc0959161ca5ba649d1a15130a31c38689f487c7c27aca560af4f98828df3e9
SSDEEP

768:jcUoj9JkDBHeo/1XEOduqh77bDLfdhO1bZdByXiK8ArAQtblfd0c/BKAirxoXI3t:jcUojqBHeo/1UGV7bDLO1BAiK/HBlfi9

Score

10^/10

guloader downloader persistence

Malware Config

Targets

- Target
  
  SKGHM_PE_757583588358839538539599593BeoersKnucklehead.vbs
- Size
  
  154KB
- MD5
  
  8993abe6fdbed5a58e5f8806cb1a12d8
- SHA1
  
  6f52e232be6a55b0411d2d2bf1e03b01b7388921
- SHA256
  
  1d6d36ec589cbecea839e3b4a5156a35f48436847043f2e1f307f6579e7893e2
- SHA512
  
  9de0b6554063778d0fec454f0fcb72acc5a1b652aff0f4513254097b6cfdce80c496e330ba93c2bacbabc5437fa508a124eb5e099c0e92dca2d7b70975090bd3
- SSDEEP
  
  3072:Gvn9Dm5IXdH7eAlsSyP/ioJbae+nzu6J5RcuXrMLyVZH4lY0Gx2gDwDjNMrt:Gvn9Dm5IXdH7ecsSyP/io9ae+nzu6J5j
Score

10^/10

persistence guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

guloaderdownloaderpersistence