guloader | 8eb08f80b960b9400dec60b4868b671c11d55dc217eca76ce34e7627501bc790 | Triage

Submit
Reports

Overview

overview

Static

static

1

faktura_62...df.vbs

windows7-x64

faktura_62...df.vbs

windows10-2004-x64

Sharing

General

Target

8eb08f80b960b9400dec60b4868b671c11d55dc217eca76ce34e7627501bc790
Size

10KB
Sample

240923-p9qtmsxbkn
MD5

47e219b854917954d2a651b2e39d2696
SHA1

24a1808365499dbe56b5e1aca36d0171e1d2ea6c
SHA256

8eb08f80b960b9400dec60b4868b671c11d55dc217eca76ce34e7627501bc790
SHA512

35f83042d6e0e76531584511e0bccd1710f543b523005795c61d6151b5b0a0cd9acbfe75c25a8776ddda44b828f3b371cb7de69f0fdca7e70ffa288c5fcf78ea
SSDEEP

192:KpcTn/Ahm8A1/RqYwMcwO4Gs8luTYtP1Fae2HjOUmlejJwQLeRcz6JG16js75G:3wq/YZMcl4GfluTe1Fx2SUnjGQLeKjHU

Score

10^/10

guloader discovery downloader

Static task

static1

Behavioral task

behavioral1

Sample

faktura_6240384907·pdf.vbs

Resource

win7-20240903-en

guloader discovery downloader

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

faktura_6240384907·pdf.vbs

Resource

win10v2004-20240802-en

guloader discovery downloader

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  faktura_6240384907·pdf.vbs
- Size
  
  33KB
- MD5
  
  23a871278b8175dff3c51ea64e258d87
- SHA1
  
  099366ae409ea0908fbb3facf931028289e48e78
- SHA256
  
  a860af9a977d8fc6ad99942d066df0d8ca618c449eb3a3190fc3d49d6755ef17
- SHA512
  
  ce7ebf6cb316057556ebaf77de487985ee566fae67a788db6351b091c43a0af5cdab34bde1c8e242ce81c971b39f83c8bcb98d8fe02a12f36e1b14ddfa80e8e9
- SSDEEP
  
  384:3k7jqtTDo8r1VebE3KUOOpJWUvZil1pFz:U7mTU8ribNoQUvA1ph
Score

10^/10

guloader discovery downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2

guloaderdiscoverydownloader

© 2018-2025

Terms | Privacy