guloader | 24843276944661cf3b13a9297843687f6b6fa1111d51bca9d73c45fa35bc4c7a | Triage

Submit
Reports

Overview

overview

Static

static

1

Payment copy.vbs

windows7-x64

Payment copy.vbs

windows10-2004-x64

Sharing

General

Target

Payment copy.vbs
Size

1.6MB
Sample

240926-h5hh5svamm
MD5

237ab08466bfa23450bb6266af82667f
SHA1

a82af4e2d1367d941bf7576a83219dc4ef0b6f99
SHA256

24843276944661cf3b13a9297843687f6b6fa1111d51bca9d73c45fa35bc4c7a
SHA512

03bab4a6f5797169fbee90def5f4c51a02f8725afb45a090f53fc3f20d395438a82812b30bd81d24129024142ff3b1c39c2b77c1d7931a02cf5899df72953b71
SSDEEP

24576:2Eeps6dHJFR2QlXTu3AoZBn7aw6ccWtxSX3KAHSh:0s6dt8x7r5cI

Score

10^/10

guloader discovery downloader

Static task

static1

Behavioral task

behavioral1

Sample

Payment copy.vbs

Resource

win7-20240903-en

guloader discovery downloader

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

Payment copy.vbs

Resource

win10v2004-20240802-en

guloader discovery downloader

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  Payment copy.vbs
- Size
  
  1.6MB
- MD5
  
  237ab08466bfa23450bb6266af82667f
- SHA1
  
  a82af4e2d1367d941bf7576a83219dc4ef0b6f99
- SHA256
  
  24843276944661cf3b13a9297843687f6b6fa1111d51bca9d73c45fa35bc4c7a
- SHA512
  
  03bab4a6f5797169fbee90def5f4c51a02f8725afb45a090f53fc3f20d395438a82812b30bd81d24129024142ff3b1c39c2b77c1d7931a02cf5899df72953b71
- SSDEEP
  
  24576:2Eeps6dHJFR2QlXTu3AoZBn7aw6ccWtxSX3KAHSh:0s6dt8x7r5cI
Score

10^/10

guloader discovery downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2

guloaderdiscoverydownloader

© 2018-2025

Terms | Privacy