guloader | 2b1f8cdfc8e9cc3c2cdb2f3c0c65f4266312a1ef90e2ceae5fcf15351625cde3 | Triage

Sharing

General

Target

SMTECHMC Učitavanje informacija Genvordighederne.bat
Size

6KB
Sample

240611-w52hxawgrf
MD5

fa3a7ba5e745930dc4f0200011f6bebf
SHA1

727cf3dc2cae8077736038d9e0d80ed41b8f9981
SHA256

2b1f8cdfc8e9cc3c2cdb2f3c0c65f4266312a1ef90e2ceae5fcf15351625cde3
SHA512

3efafee4781d0b061252d77df025f3a48a9719e306b720df7adb98d241d8b77bf840626af4c0db4cf021800b3d820c1ef4b263015358509ba0b5826b97f37724
SSDEEP

96:Hwt/qMtSV9CPbtmDLDMjSZcOZ81n7+CZYVQh79db3gmJUNJW/irC6V+:f7CPbtmDeSZdZ81nKG0edb39MJW/uV+

Score

10^/10

guloader downloader execution

Malware Config

Targets

- Target
  
  SMTECHMC Učitavanje informacija Genvordighederne.bat
- Size
  
  6KB
- MD5
  
  fa3a7ba5e745930dc4f0200011f6bebf
- SHA1
  
  727cf3dc2cae8077736038d9e0d80ed41b8f9981
- SHA256
  
  2b1f8cdfc8e9cc3c2cdb2f3c0c65f4266312a1ef90e2ceae5fcf15351625cde3
- SHA512
  
  3efafee4781d0b061252d77df025f3a48a9719e306b720df7adb98d241d8b77bf840626af4c0db4cf021800b3d820c1ef4b263015358509ba0b5826b97f37724
- SSDEEP
  
  96:Hwt/qMtSV9CPbtmDLDMjSZcOZ81n7+CZYVQh79db3gmJUNJW/irC6V+:f7CPbtmDeSZdZ81nKG0edb39MJW/uV+
Score

10^/10

execution guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

guloaderdownloaderexecution