guloader | ae89fa61451250c7e7536745389b781adaa8ac9105e620061942f2de04308ddc | Triage

Sharing

General

Target

Naskenovaný seznam položek č. 74245.7z
Size

740KB
Sample

240925-mxdx7svble
MD5

7d84525fe27d91c9674bd7fd4755c2be
SHA1

e84c2ad8bb3e8a53c872d935cdf45d965703f2aa
SHA256

ae89fa61451250c7e7536745389b781adaa8ac9105e620061942f2de04308ddc
SHA512

1a196e35957e51fa8d3bc4a513ca4c721f3e60081e2bf4507f541c5cd9ff0af37baf9913871bd4a3c5f8db4eb2e0e6e8f46085165badb0008beee60d66aa4ae3
SSDEEP

12288:xng8ZEZr/hCJaInA1uOli8hxL1mEouaCJJjdPmbG8SS3G+Y12jRjN+ZFJRfmBYn:tjR5nA8Yx5mEoudPmq8jY1sj4zrfj

Score

10^/10

guloader discovery downloader

Malware Config

Targets

- Target
  
  Naskenovaný seznam položek č. 74245.vbs
- Size
  
  1.2MB
- MD5
  
  66ccc86e92b90555bef9ec7f4281cc8b
- SHA1
  
  8ef7f0bec3beb48df154b350cae7729df9e3cb74
- SHA256
  
  6e435f3a080733d5733beb10fd0d45f8530f9f5ebf8367ff1b4daf56d0106dc3
- SHA512
  
  89d225f726add2f44a33a8dd85ceb89a2fd6e526586e079ad62247659766337367888376f0d44b1eb936103ca0d499a59c6fb11a3aeb9fe3e60e7c72ed218b2e
- SSDEEP
  
  24576:aYQfEcXSFMuTGp2jdvB8S+QrShBYxfcFme3Frt0yOL09jFxzUA8cP51Xq:AccYMx7h6kuQq
Score

10^/10

guloader discovery downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2

guloaderdiscoverydownloader