guloader | bdad372e1916a731f45edde8e2db92eadfb2eda17441fb58963e87002bd4dbbd | Triage

Submit
Reports

Overview

overview

Static

static

1

.vbs

windows7-x64

.vbs

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

.vbs
Size

1.2MB
Sample

240902-j9rs2sxbnd
MD5

77ff74408e0e839a58733518b4f5fd65
SHA1

a69bd28eef3b94fcd3f1792141de8f0bc28bae7e
SHA256

bdad372e1916a731f45edde8e2db92eadfb2eda17441fb58963e87002bd4dbbd
SHA512

4a497a1fc7d8180afcb5d81baaf199a8b9710fe7ca5c8cd4256f0337a6a409c5a4d7331c2f18c32ae47899426d2b418f37b6ba653e688b7e01d7e84d38298fcf
SSDEEP

12288:niREMhU7JceNaOBqtVbjoOT3GMQtBzWu5aV0dGh4GwrQH:nihUNHBqfJWMWUo9GsQH

Score

10^/10

guloader discovery downloader

Static task

static1

Behavioral task

behavioral1

Sample

.vbs

Resource

win7-20240708-en

guloader discovery downloader

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

.vbs

Resource

win10v2004-20240802-en

guloader discovery downloader

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  .vbs
- Size
  
  1.2MB
- MD5
  
  77ff74408e0e839a58733518b4f5fd65
- SHA1
  
  a69bd28eef3b94fcd3f1792141de8f0bc28bae7e
- SHA256
  
  bdad372e1916a731f45edde8e2db92eadfb2eda17441fb58963e87002bd4dbbd
- SHA512
  
  4a497a1fc7d8180afcb5d81baaf199a8b9710fe7ca5c8cd4256f0337a6a409c5a4d7331c2f18c32ae47899426d2b418f37b6ba653e688b7e01d7e84d38298fcf
- SSDEEP
  
  12288:niREMhU7JceNaOBqtVbjoOT3GMQtBzWu5aV0dGh4GwrQH:nihUNHBqfJWMWUo9GsQH
Score

10^/10

guloader discovery downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2

guloaderdiscoverydownloader

© 2018-2025

Terms | Privacy