guloader | 6f5f1c6837954de9c3c7971a0882a7677bd857fa4503bad50b9967fd9e326658 | Triage

Sharing

General

Target

6f5f1c6837954de9c3c7971a0882a7677bd857fa4503bad50b9967fd9e326658
Size

726KB
Sample

240919-s5m4qswepb
MD5

0cc866b2fa5a1633f601295747f05715
SHA1

0685afa1f6e42a739a3bd6387c913e5d37a38156
SHA256

6f5f1c6837954de9c3c7971a0882a7677bd857fa4503bad50b9967fd9e326658
SHA512

7ecca5f0b6df1a11be9d3b437a1c54a3b65829a135b0cdd9241264b39db671d0b9a777c9eaf7e28b81a4bdabc846453020e9e7b85a0188116086bae95b267977
SSDEEP

12288:6sr+/xsjIdkuQG5HtqJGw45G/AWkCq+7hyNoAJxT8T4n/N2gtrtiX+0VFDkqgjUp:AcIkGLqJx4WBjNHyH/wMiX+42G

Score

10^/10

guloader discovery downloader

Malware Config

Targets

- Target
  
  Payment_Advice.1.bat
- Size
  
  792KB
- MD5
  
  5579ec71417c639a6464ca3a80fb06e8
- SHA1
  
  be672ad20c15b2cf54874b9162db4164daac2074
- SHA256
  
  d643687303ed91fb39af371e5614be74c6da1530c8a90f2fba52612c514e96f4
- SHA512
  
  1f71719360d68c30e90287d8fba7405ec861a71fed06f8cb5264ff8ba60fd8d9add1dde9a924eb74efbba2cd8f55ed119689b6880a18d8f009ee846f2914d494
- SSDEEP
  
  12288:SfLT54erQNuBGKQGHHtGbKwclG/oQqK7hkNoqrtPgT4JZNYgtrtsX083/DkkgjUB:SfLT5Xr6uMGtGbFmQxNBcVZ2MsX0u2
Score

10^/10

discovery guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  4add245d4ba34b04f213409bfe504c07
- SHA1
  
  ef756d6581d70e87d58cc4982e3f4d18e0ea5b09
- SHA256
  
  9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706
- SHA512
  
  1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d
- SSDEEP
  
  192:VjHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZv0QPi:B/Qlt7wiij/lMRv/9V4bvr
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

guloaderdiscoverydownloader

behavioral3

behavioral4