guloader | 62548c66d11776c84706553bdd76afd7248d2c3e69b0f47215c0dc307f0dd06a

Resubmissions

10-07-2024 12:56

240710-p6khfs1eng 10

10-07-2024 12:56

240710-p6ft9s1end 10

10-07-2024 12:55

240710-p57llaygpj 10

Sharing

Copy URL

Twitter E-mail

General

Target

62548c66d11776c84706553bdd76afd7248d2c3e69b0f47215c0dc307f0dd06a
Size

438KB
Sample

240710-p6ft9s1end
MD5

9afb4103021c5ec8b2dea2772f39178e
SHA1

bc773e17fc6e7080b4243a9b72ac75292d17bc90
SHA256

62548c66d11776c84706553bdd76afd7248d2c3e69b0f47215c0dc307f0dd06a
SHA512

82c5fd97d80bd79c0377b1c8ea3a6e2f00f10b7ae14febc0ba9c8e5bd1405c05f62f2c66db1571b0596bd0a459e32dd58c8e9bf894068418d5b40b54b488ef33
SSDEEP

12288:LW7Ck8jvhUX7Arm+PJnGdijUR9MEuqbZv:LWeLaQnhGEYjfhbZv

Score

10^/10

Malware Config

Targets

- Target
  
  62548c66d11776c84706553bdd76afd7248d2c3e69b0f47215c0dc307f0dd06a
- Size
  
  438KB
- MD5
  
  9afb4103021c5ec8b2dea2772f39178e
- SHA1
  
  bc773e17fc6e7080b4243a9b72ac75292d17bc90
- SHA256
  
  62548c66d11776c84706553bdd76afd7248d2c3e69b0f47215c0dc307f0dd06a
- SHA512
  
  82c5fd97d80bd79c0377b1c8ea3a6e2f00f10b7ae14febc0ba9c8e5bd1405c05f62f2c66db1571b0596bd0a459e32dd58c8e9bf894068418d5b40b54b488ef33
- SSDEEP
  
  12288:LW7Ck8jvhUX7Arm+PJnGdijUR9MEuqbZv:LWeLaQnhGEYjfhbZv
Score

10^/10

guloader downloader persistence
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Guloader,Cloudeye

Checks QEMU agent file

Loads dropped DLL

Adds Run key to start application

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4