guloader | 1c93a68eefd2ba3fc952de91d44a3e95321819e0977ecd5e7dfb33ea47bfb052 | Triage

Submit
Reports

Overview

overview

Static

static

3

1c93a68eef...52.exe

windows7-x64

1c93a68eef...52.exe

windows10-2004-x64

Sharing

General

Target

1c93a68eefd2ba3fc952de91d44a3e95321819e0977ecd5e7dfb33ea47bfb052.exe
Size

787KB
Sample

240926-bkgb1sybmr
MD5

2a58425293da7dfb6b538be1a0938ae0
SHA1

f0c77f6e7b0aa956a69781cee03f178993c6b2b4
SHA256

1c93a68eefd2ba3fc952de91d44a3e95321819e0977ecd5e7dfb33ea47bfb052
SHA512

a520036a55b9cb63a9e5d1665378d6bf1f4c6922b1c8302e1e696c1d7e1e11d166d173435a8bf33a0c1f05826dee1e061d4d110459037c156cba29294d18f9ad
SSDEEP

12288:ZtSfgqcOZxX5BgvFnV6IBRudkPIUqMzABEcdmBIG8991x2HqMqFK1yoI:LSfgeXIvXDlI4wEcsBIFxwqFK1yoI

Score

10^/10

guloader collection discovery downloader execution persistence

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

1c93a68eefd2ba3fc952de91d44a3e95321819e0977ecd5e7dfb33ea47bfb052.exe

Resource

win7-20240708-en

guloader discovery downloader execution persistence

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

1c93a68eefd2ba3fc952de91d44a3e95321819e0977ecd5e7dfb33ea47bfb052.exe

Resource

win10v2004-20240802-en

guloader collection discovery downloader execution persistence

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  1c93a68eefd2ba3fc952de91d44a3e95321819e0977ecd5e7dfb33ea47bfb052.exe
- Size
  
  787KB
- MD5
  
  2a58425293da7dfb6b538be1a0938ae0
- SHA1
  
  f0c77f6e7b0aa956a69781cee03f178993c6b2b4
- SHA256
  
  1c93a68eefd2ba3fc952de91d44a3e95321819e0977ecd5e7dfb33ea47bfb052
- SHA512
  
  a520036a55b9cb63a9e5d1665378d6bf1f4c6922b1c8302e1e696c1d7e1e11d166d173435a8bf33a0c1f05826dee1e061d4d110459037c156cba29294d18f9ad
- SSDEEP
  
  12288:ZtSfgqcOZxX5BgvFnV6IBRudkPIUqMzABEcdmBIG8991x2HqMqFK1yoI:LSfgeXIvXDlI4wEcsBIFxwqFK1yoI
Score

10^/10

guloader discovery downloader execution persistence collection
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Detected Nirsoft tools
  Free utilities often used by attackers which can steal passwords, product keys, etc.
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Accesses Microsoft Outlook accounts
  collection
- Adds Run key to start application
  persistence
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloaderexecutionpersistence

behavioral2

guloadercollectiondiscoverydownloaderexecutionpersistence

© 2018-2025

Terms | Privacy