guloader | 49260a07ff0d5c06efdfc3985bcc44d6df5cf2a56810f01c3243684b950264cc | Triage

Sharing

General

Target

1116543711892424.scr
Size

1.0MB
Sample

240924-m7psfswblb
MD5

4648a0278bd003c324fcd7e7779dcf99
SHA1

401623540094e2eef531d366d8c155c1d3d72abb
SHA256

49260a07ff0d5c06efdfc3985bcc44d6df5cf2a56810f01c3243684b950264cc
SHA512

198d5db4bb4f612645786c27cdacb26665db4099cd8580091adf86d9d84fc16278d3a87c410912cb4968c630dca1cc14432551673fb7653ad83f28b601720da5
SSDEEP

12288:x9XMnptEWw7TAIh1LSw84bjZgyrMNAzP6RtRQXl51KBkpw8+QZ0:rcnsWw7sIh1uQba4mRjQVP2UkV

Score

10^/10

guloader discovery downloader

Malware Config

Targets

- Target
  
  1116543711892424.scr
- Size
  
  1.0MB
- MD5
  
  4648a0278bd003c324fcd7e7779dcf99
- SHA1
  
  401623540094e2eef531d366d8c155c1d3d72abb
- SHA256
  
  49260a07ff0d5c06efdfc3985bcc44d6df5cf2a56810f01c3243684b950264cc
- SHA512
  
  198d5db4bb4f612645786c27cdacb26665db4099cd8580091adf86d9d84fc16278d3a87c410912cb4968c630dca1cc14432551673fb7653ad83f28b601720da5
- SSDEEP
  
  12288:x9XMnptEWw7TAIh1LSw84bjZgyrMNAzP6RtRQXl51KBkpw8+QZ0:rcnsWw7sIh1uQba4mRjQVP2UkV
Score

10^/10

guloader discovery downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  a436db0c473a087eb61ff5c53c34ba27
- SHA1
  
  65ea67e424e75f5065132b539c8b2eda88aa0506
- SHA256
  
  75ed40311875312617d6711baed0be29fcaee71031ca27a8d308a72b15a51e49
- SHA512
  
  908f46a855480af6eacb2fb64de0e60b1e04bbb10b23992e2cf38a4cbebdcd7d3928c4c022d7ad9f7479265a8f426b93eef580afec95570e654c360d62f5e08d
- SSDEEP
  
  192:aVL7iZJX76BisO7+UZEw+Rl59pV8ghsVJ39dx8T:d7NsOpZsfLMJ39e
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2

guloaderdiscoverydownloader

behavioral3

behavioral4