guloader | 09a7ec0a71060ffe25dd7c6794aee5de299c12b2f67965bf14391df88de2c6b3 | Triage

Sharing

General

Target

05092024_1430_05092024_Final quarter Import request list quotation for _IMP1573_Rudra Industries_20240905.7z
Size

2KB
Sample

240905-rvbsaasfnk
MD5

6848cba5409df34ce4b910e99297eaa5
SHA1

aaceb70ed5ec49490482eba2b8a92caa01d0f479
SHA256

09a7ec0a71060ffe25dd7c6794aee5de299c12b2f67965bf14391df88de2c6b3
SHA512

9232ab5ca24b63be1cb2e9a8cbb20b0eef3f3ee8a7ef26a5540d1397e108f96971f59300c42ade15d521681fb0004b28d308478ff3a52b3c12d458d6d328bd7b

Score

10^/10

guloader warzonerat discovery downloader execution infostealer persistence rat

Malware Config

Targets

- Target
  
  Final quarter Import request list quotation for _IMP1573_Rudra Industries_20240905.bat
- Size
  
  3KB
- MD5
  
  a96683a18065602e77af0a6d01f0ce60
- SHA1
  
  3807eb2fc12a5f20d9f1729db85b9ff22d6d6eac
- SHA256
  
  9eabea1861473790bae6df91943268131241cf8b4f52bfefa659fb557541e8d8
- SHA512
  
  61a02fe1e4a01c7b8372402d9e56fbc6987de98c87631c201fa1f484972df4ed63e4a39ceee341478ebd0c9747d29ad053167a67f4899247048638a82c2b44ee
Score

10^/10

execution guloader warzonerat discovery downloader infostealer persistence rat
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- WarzoneRat, AveMaria
  WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
  rat infostealer warzonerat
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Adds Run key to start application
  persistence
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

guloaderwarzoneratdiscoverydownloaderexecutioninfostealerpersistencerat