guloader | 34c2a02d6f7ed81aa8a9f40ac063d1211c2c8bc4a868d76f6067c95113650e2c | Triage

Submit
Reports

Overview

overview

Static

static

1

117532123_...df.vbs

windows7-x64

117532123_...df.vbs

windows10-2004-x64

Sharing

General

Target

117532123_20240925-9_MCZB·pdf.vbs
Size

32KB
Sample

240925-ja8mhssgkl
MD5

d1a211300527f936749e157497ee6bbb
SHA1

c3dde8608211be1f593826d462f07aad30acfcb8
SHA256

34c2a02d6f7ed81aa8a9f40ac063d1211c2c8bc4a868d76f6067c95113650e2c
SHA512

41bce01d8d6f05f1eeca76a3b5ef6708b272fb9f70c2ad41da442e70f9b3b2fb9e94af846b8f837a767b4241f278efa6a35fb4bee17749c3f81176ad55cb7193
SSDEEP

384:3Gd0zog59nv53rIci7Yib5Afi9SYToxbiRjH90e/:Wd0zog59B3rBu55csSmoQRN/

Score

10^/10

guloader discovery downloader

Static task

static1

Behavioral task

behavioral1

Sample

117532123_20240925-9_MCZB·pdf.vbs

Resource

win7-20240729-en

guloader discovery downloader

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

117532123_20240925-9_MCZB·pdf.vbs

Resource

win10v2004-20240802-en

guloader discovery downloader

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  117532123_20240925-9_MCZB·pdf.vbs
- Size
  
  32KB
- MD5
  
  d1a211300527f936749e157497ee6bbb
- SHA1
  
  c3dde8608211be1f593826d462f07aad30acfcb8
- SHA256
  
  34c2a02d6f7ed81aa8a9f40ac063d1211c2c8bc4a868d76f6067c95113650e2c
- SHA512
  
  41bce01d8d6f05f1eeca76a3b5ef6708b272fb9f70c2ad41da442e70f9b3b2fb9e94af846b8f837a767b4241f278efa6a35fb4bee17749c3f81176ad55cb7193
- SSDEEP
  
  384:3Gd0zog59nv53rIci7Yib5Afi9SYToxbiRjH90e/:Wd0zog59B3rBu55csSmoQRN/
Score

10^/10

guloader discovery downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2

guloaderdiscoverydownloader

© 2018-2025

Terms | Privacy