guloader | fc9d777bc9624053f4e3b1490481ce501db56852114f5183b976e391724db2a6 | Triage

Submit
Reports

Overview

overview

Static

static

3

Order GFD-...df.exe

windows7-x64

Order GFD-...df.exe

windows10-2004-x64

Sharing

General

Target

f4df75353727bf3d3bc5bf97321c8fb5_JaffaCakes118
Size

1.2MB
Sample

240925-bt84dszcjc
MD5

f4df75353727bf3d3bc5bf97321c8fb5
SHA1

3d2f8371fb9daec2c184ab0b0c6e56fc9f114cc0
SHA256

fc9d777bc9624053f4e3b1490481ce501db56852114f5183b976e391724db2a6
SHA512

bac369a040c7c81f804fe31bb63dc166bc2ba5ea44d0b17df3203a1aa1ad6962de20f1be30bb314e9631f5ad113b9e2bdaa9a80dd91e6faf944e7e4506ab50ac
SSDEEP

1536:90OlYcDrdLtwmmStpUdvwDwvfE7jTkcbWxOL4jwHQyQDWuAV:nlxrdhrpUmEk7jTkIbia+6V

Score

10^/10

guloader discovery downloader guloader

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Order GFD-102747_pdf.exe

Resource

win7-20240903-en

guloader discovery downloader guloader

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

Order GFD-102747_pdf.exe

Resource

win10v2004-20240802-en

guloader discovery downloader guloader

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

guloader

C2

https://drive.google.com/uc?export=download&id=1nuzERLigTnal8O6BNV8Xe858ZwCbibux

xor.base64

Targets

- Target
  
  Order GFD-102747_pdf.exe
- Size
  
  172KB
- MD5
  
  2ad51df64005dc68130358394d31c1ec
- SHA1
  
  fdf85072d44d72c941dbb645ce95a2b015574648
- SHA256
  
  d7162b14867eff2ee6b1c0506f91c4e8c1a1cea0ddae632bd49156a179549772
- SHA512
  
  13ac7da35ec607e28e50dd49f87b025773caf7436cb9bf8e9a6dff9dd77b188b4355d6a05660e00b0062a6d9961cbb21f89d66126ae657f71503ca5ec813efa8
- SSDEEP
  
  1536:PlYcDrdLtwmmStpUdvwDwvfE7jTkcbWxOL4jwHQyQDWuAVG:PlxrdhrpUmEk7jTkIbia+6VG
Score

10^/10

guloader discovery downloader guloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Guloader payload
  guloader
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloaderguloader

behavioral2

guloaderdiscoverydownloaderguloader

© 2018-2025

Terms | Privacy