guloader | a8bc9efd646596c1285ac7c27ae2e5ddd80ca3ace9cc00a8a238f2eb426b442d | Triage

Submit
Reports

Overview

overview

Static

static

3

Payment_Sl...29.exe

windows7-x64

Payment_Sl...29.exe

windows10-2004-x64

Sharing

General

Target

246ade217932222503a21ac4e6b0be50_JaffaCakes118
Size

24KB
Sample

240728-z4z58svemj
MD5

246ade217932222503a21ac4e6b0be50
SHA1

228127e40e44fd6978b45c4d77ff2a924968862e
SHA256

a8bc9efd646596c1285ac7c27ae2e5ddd80ca3ace9cc00a8a238f2eb426b442d
SHA512

073761b7a6278c919cda4098ed54919ab98352a57b17a2446d7e3627e3f0bdee4e535ba43f55a66c3c9c39d1f543f275db5d23da4e3932d004ea96ceabd9a5b0
SSDEEP

384:QvKXRjWu9qgkOA6DbzjFC2dnmiW7/a6DbEsXlGlvBMySjbibeTMI8YjHKViA:QvGXMgZPn/Vi9+BMyE+lhYeZ

Score

10^/10

guloader discovery downloader guloader

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Payment_Slip_2020190002602329.exe

Resource

win7-20240705-en

guloader discovery downloader guloader

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

Payment_Slip_2020190002602329.exe

Resource

win10v2004-20240730-en

guloader discovery downloader guloader

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

guloader

C2

https://drive.google.com/uc?export=download&id=1N8EyzMe4Ew_jAHmVr_vmlyMkeUvV7TUH

xor.base64

Targets

- Target
  
  Payment_Slip_2020190002602329.exe
- Size
  
  52KB
- MD5
  
  6b7ebf98238c64023780fe69743da21d
- SHA1
  
  42c3203593d4814c8f14b6b706b7009f226e2eb7
- SHA256
  
  35787807345e104b2fc93883c3d54925d876b4c6a03153110acd9cf86f655459
- SHA512
  
  16f33b6edf612a3ee3580ecaf5abfd015687c0306323f4428c2dbf8610d3409ef379fa4e749efa7615b14759f8c54ecd7e52760d851c9d1a27c1229ec1a76aea
- SSDEEP
  
  768:ZQeVfWGZg7Pz4lihPd2g+8Y1Vb5ENmC1amAgOciaWHKJIp:ZNVrg70if1YTwmC17A/DaWHxp
Score

10^/10

guloader discovery downloader guloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Guloader payload
  guloader
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloaderguloader

behavioral2

guloaderdiscoverydownloaderguloader

© 2018-2025

Terms | Privacy