guloader | a0bd83b306ca7068752f3d9db6d8612d7a365c1a5ab9c8d636f6028321ebcd39 | Triage

Submit
Reports

Overview

overview

Static

static

1

لیست �...۶.vbs

windows7-x64

لیست �...۶.vbs

windows10-2004-x64

Sharing

General

Target

لیست اقلام اسکن‌شده شماره ۱۱۷۵۶.vbs
Size

1.3MB
Sample

240923-rf6dcaybqj
MD5

f2539546e643a5d82ab2bd6b0479268e
SHA1

879469261c3799ba7b10dde416917e2f784d74f7
SHA256

a0bd83b306ca7068752f3d9db6d8612d7a365c1a5ab9c8d636f6028321ebcd39
SHA512

96f25265f072994703328526098cea8278fe87937e1552a00b1c210e716b85ef9d6489e3099d82f8a7b75173dc751ab01330ead72951b0c93deffa7bb377507d
SSDEEP

12288:HXysOJVCGdmCx8gav0Ejfdk47/SdDf5Px+T6cs7BFEYCc8Paj4sMHuMayv3ShEn/:HXysTGdNx8g76lgdDx0oBWYqaYTS+dl

Score

10^/10

guloader discovery downloader

Static task

static1

Behavioral task

behavioral1

Sample

لیست اقلام اسکن‌شده شماره ۱۱۷۵۶.vbs

Resource

win7-20240903-en

guloader discovery downloader

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

لیست اقلام اسکن‌شده شماره ۱۱۷۵۶.vbs

Resource

win10v2004-20240802-en

guloader discovery downloader

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  لیست اقلام اسکن‌شده شماره ۱۱۷۵۶.vbs
- Size
  
  1.3MB
- MD5
  
  f2539546e643a5d82ab2bd6b0479268e
- SHA1
  
  879469261c3799ba7b10dde416917e2f784d74f7
- SHA256
  
  a0bd83b306ca7068752f3d9db6d8612d7a365c1a5ab9c8d636f6028321ebcd39
- SHA512
  
  96f25265f072994703328526098cea8278fe87937e1552a00b1c210e716b85ef9d6489e3099d82f8a7b75173dc751ab01330ead72951b0c93deffa7bb377507d
- SSDEEP
  
  12288:HXysOJVCGdmCx8gav0Ejfdk47/SdDf5Px+T6cs7BFEYCc8Paj4sMHuMayv3ShEn/:HXysTGdNx8g76lgdDx0oBWYqaYTS+dl
Score

10^/10

guloader discovery downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2

guloaderdiscoverydownloader

© 2018-2025

Terms | Privacy