guloader | c11ce5952945bc69335b4fa0f12cf90598a0f5bb6cad90ab495211bdc2aa3e0c | Triage

Submit
Reports

Overview

overview

Static

static

1

c11ce59529...0c.vbs

windows7-x64

8

c11ce59529...0c.vbs

windows10-2004-x64

Sharing

General

Target

c11ce5952945bc69335b4fa0f12cf90598a0f5bb6cad90ab495211bdc2aa3e0c.vbs
Size

20KB
Sample

240924-b6m2pasclm
MD5

b4b8045f84ab0b8229af71524f891fb4
SHA1

f43aad4d678ba2e259b5a357aecb19d3329e03e3
SHA256

c11ce5952945bc69335b4fa0f12cf90598a0f5bb6cad90ab495211bdc2aa3e0c
SHA512

0424d77750ca1a1d78932162a5e4c223c805bdc3c82c960c24b2512d439992953b1aec2b872c09e18901a81a3fd02d5b08575d0edccf0ec0d5b5ef887aa6421d
SSDEEP

384:ADlQ3GOmBsxCnQ8tcIgn9csOkKENYbXfzuzLfEO7FLpoMMqQW59Bh:B39cs8QqYesWEuXfnudoMDb

Score

10^/10

guloader discovery downloader

Static task

static1

Behavioral task

behavioral1

Sample

c11ce5952945bc69335b4fa0f12cf90598a0f5bb6cad90ab495211bdc2aa3e0c.vbs

Resource

win7-20240903-en

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

c11ce5952945bc69335b4fa0f12cf90598a0f5bb6cad90ab495211bdc2aa3e0c.vbs

Resource

win10v2004-20240802-en

guloader discovery downloader

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  c11ce5952945bc69335b4fa0f12cf90598a0f5bb6cad90ab495211bdc2aa3e0c.vbs
- Size
  
  20KB
- MD5
  
  b4b8045f84ab0b8229af71524f891fb4
- SHA1
  
  f43aad4d678ba2e259b5a357aecb19d3329e03e3
- SHA256
  
  c11ce5952945bc69335b4fa0f12cf90598a0f5bb6cad90ab495211bdc2aa3e0c
- SHA512
  
  0424d77750ca1a1d78932162a5e4c223c805bdc3c82c960c24b2512d439992953b1aec2b872c09e18901a81a3fd02d5b08575d0edccf0ec0d5b5ef887aa6421d
- SSDEEP
  
  384:ADlQ3GOmBsxCnQ8tcIgn9csOkKENYbXfzuzLfEO7FLpoMMqQW59Bh:B39cs8QqYesWEuXfnudoMDb
Score

10^/10

discovery guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

System Time Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

guloaderdiscoverydownloader

© 2018-2025

Terms | Privacy