guloader | 1b75203f20f668f58a88ef50eea8c11069a9d7563916fff2797a17a3832163eb | Triage

Submit
Reports

Overview

overview

Static

static

1

27618647_E...0T.vbs

windows7-x64

27618647_E...0T.vbs

windows10-2004-x64

Sharing

General

Target

1909202412441809202427618647EXCF135500500T.rar
Size

11KB
Sample

240919-r8qhlavdjr
MD5

e63b1c607764d81a8df9b2884cdeac90
SHA1

aea4ef6f92037eb7acdf5dbca50be08ce58002dd
SHA256

1b75203f20f668f58a88ef50eea8c11069a9d7563916fff2797a17a3832163eb
SHA512

59f4fa4dab0ab8dc9df5048dfa2fc3b6f92000cd3bd65f5aeaa1b5c90ebe07453f21d4a1cffb27b720ec7fdd70afa5570526aa567173d442cc6e7562b6b64cbd
SSDEEP

192:qqJEQkS3w4Sq4hvSxKI6qtpPvz/v0Z6wsol0Gjd5VanpLtCNnpWHxh521WLhZTND:qKgbU/MZ5IGj3VanpKnpUxh5vsdQ3

Score

10^/10

guloader discovery downloader

Static task

static1

Behavioral task

behavioral1

Sample

27618647_EX_CF 135500500T.vbs

Resource

win7-20240903-en

guloader discovery downloader

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

27618647_EX_CF 135500500T.vbs

Resource

win10v2004-20240802-en

guloader discovery downloader

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  27618647_EX_CF 135500500T.vbs
- Size
  
  33KB
- MD5
  
  fe8bafb0fb5adfbcd6c959c4f0b758e8
- SHA1
  
  f5f909c9b1adece63e9c68b22d4a823842eb1321
- SHA256
  
  9b47a3de7cb8fe46e268bfa95ac81070a4e04c3d0b044a3c2c0376db6f3cb6db
- SHA512
  
  94d41408502524f5ad2e67ffac72dfa7c94c5a3e8183aa721ed5be8c0de106e5cb3549b0a86e5ebf2484ea1512ec440d737ee5d47c8683b1a0b1d794caef45e8
- SSDEEP
  
  384:Z9vOg3jzCxmiJGRvgGY8celmjLOz7uNnPKwvnX98vuR/k9UK:Zp3jZiJGxO8czLkSVJ9nWx
Score

10^/10

guloader discovery downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2

guloaderdiscoverydownloader

© 2018-2025

Terms | Privacy