guloader | c37d4a85b076ff09263787731419358ca2b714790bb9bdc83344a4a80739472c | Triage

Submit
Reports

Overview

overview

Static

static

1

c73a128c70...6c.vbs

windows7-x64

c73a128c70...6c.vbs

windows10-2004-x64

Sharing

General

Target

47b6f5c41eac8d907383975519acd23f.bin
Size

10KB
Sample

240620-bzk9hs1flh
MD5

49d6d59e23dd56bdf475f80ab6c1880b
SHA1

b412d412b45896aeb686f1f8addd0c2b183ce435
SHA256

c37d4a85b076ff09263787731419358ca2b714790bb9bdc83344a4a80739472c
SHA512

24c4f1638ed8b683fb54c5ea93112bac1f9c6a86149d52385f2c5f38ad43507b1245e24c5ee734d9de76c675c73fddce97afc9a39e813ba7a28823c98422eff4
SSDEEP

192:cW/cHhed903WhpIUzUwPe+k78E7jSKf3gIYEtvnZ1:vXHvUv+kVWKf3gWfZ1

Score

10^/10

guloader downloader

Static task

static1

Behavioral task

behavioral1

Sample

c73a128c7037b9e0a9a545bcf51c3ca925d2d436caa1c2953f9807cae73de26c.vbs

Resource

win7-20240508-en

guloader downloader

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

c73a128c7037b9e0a9a545bcf51c3ca925d2d436caa1c2953f9807cae73de26c.vbs

Resource

win10v2004-20240508-en

guloader downloader

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  c73a128c7037b9e0a9a545bcf51c3ca925d2d436caa1c2953f9807cae73de26c.vbs
- Size
  
  148KB
- MD5
  
  47b6f5c41eac8d907383975519acd23f
- SHA1
  
  2350d6620178aa2afe7fed95155d9eeacb01b20f
- SHA256
  
  c73a128c7037b9e0a9a545bcf51c3ca925d2d436caa1c2953f9807cae73de26c
- SHA512
  
  acb83003a6a21e3dcf7b0863dd5653333f16d3028b8185a89e63f7bfc2f4365c8b54166feb36818a0924eb5ab5401c5ae6c062598b4fb33644e2b6247167e9cb
- SSDEEP
  
  768:Ku/ASpXGueKdxPyFZvZipj2dmFWUpDn4fgyHgzJsgFuwavj:hVw5KdxqnkVSHS4zkJxPavj
Score

10^/10

guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdownloader

behavioral2

guloaderdownloader

© 2018-2025

Terms | Privacy