guloader | fcf214c908eca05b55c1ba9c9330f519ac0f58f63bf3460aac71a68845d441ef

Analysis

max time kernel
94s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08-09-2024 14:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

567865678876.exe
Size

80KB
MD5

01c5bc40740792aa6d64b78fd8defc2d
SHA1

bc69541f4d615dbf30196a853e0207d983cc3eba
SHA256

11ccc998a4348adb77d7bb5088a5afe953be17352c04112ca61a5af544ba2eb8
SHA512

cbd14685bcd590d4e99ca2dee947dca2cf1349ec3917176c96a54d8899dc1cc6984ac4f5a3598c45f0080417237ae33ffc421cf15b6256e01e41dc3f55f2c60c
SSDEEP

768:OhpJR4pPWOc5Pbf10KOx2MXq8B5IntYbPVaUnOLEOzof8ekKifAhq:2J8RQzd0KlmBfzQyOLdE1LY

Score

10^/10

guloader discovery downloader guloader

Malware Config

Extracted

Family

guloader

https://drive.google.com/uc?export=download&id=15ZM2G4UlQ9cotKEcr2i1E0v4gDrl-zp2

xor.base64

Signatures

Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
downloader guloader

Guloader payload 2 IoCs

guloader

resource	yara_rule
behavioral2/memory/4328-2-0x0000000002220000-0x000000000222B000-memory.dmp	family_guloader
behavioral2/memory/4328-3-0x0000000002220000-0x000000000222B000-memory.dmp	family_guloader

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	567865678876.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4328	567865678876.exe

C:\Users\Admin\AppData\Local\Temp\567865678876.exe
"C:\Users\Admin\AppData\Local\Temp\567865678876.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4328

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4328-2-0x0000000002220000-0x000000000222B000-memory.dmp

Filesize
44KB

Download
memory/4328-3-0x0000000002220000-0x000000000222B000-memory.dmp

Filesize
44KB

Download