guloader | 6e435f3a080733d5733beb10fd0d45f8530f9f5ebf8367ff1b4daf56d0106dc3 | Triage

Sharing

General

Target

Zeskanowana lista przedmiotów nr 84329.vbs
Size

1.2MB
Sample

240925-sjgd3asapm
MD5

66ccc86e92b90555bef9ec7f4281cc8b
SHA1

8ef7f0bec3beb48df154b350cae7729df9e3cb74
SHA256

6e435f3a080733d5733beb10fd0d45f8530f9f5ebf8367ff1b4daf56d0106dc3
SHA512

89d225f726add2f44a33a8dd85ceb89a2fd6e526586e079ad62247659766337367888376f0d44b1eb936103ca0d499a59c6fb11a3aeb9fe3e60e7c72ed218b2e
SSDEEP

24576:aYQfEcXSFMuTGp2jdvB8S+QrShBYxfcFme3Frt0yOL09jFxzUA8cP51Xq:AccYMx7h6kuQq

Score

10^/10

guloader discovery downloader

Malware Config

Targets

- Target
  
  Zeskanowana lista przedmiotów nr 84329.vbs
- Size
  
  1.2MB
- MD5
  
  66ccc86e92b90555bef9ec7f4281cc8b
- SHA1
  
  8ef7f0bec3beb48df154b350cae7729df9e3cb74
- SHA256
  
  6e435f3a080733d5733beb10fd0d45f8530f9f5ebf8367ff1b4daf56d0106dc3
- SHA512
  
  89d225f726add2f44a33a8dd85ceb89a2fd6e526586e079ad62247659766337367888376f0d44b1eb936103ca0d499a59c6fb11a3aeb9fe3e60e7c72ed218b2e
- SSDEEP
  
  24576:aYQfEcXSFMuTGp2jdvB8S+QrShBYxfcFme3Frt0yOL09jFxzUA8cP51Xq:AccYMx7h6kuQq
Score

10^/10

guloader discovery downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2

guloaderdiscoverydownloader