guloader | e1e0b4d13fef5e47cfed1e8ceb1bfd8175799fe22ad8f18c877d85ed5a72aab8 | Triage

Submit
Reports

Overview

overview

Static

static

3

document.exe

windows7-x64

document.exe

windows10-2004-x64

Sharing

General

Target

fae9e944e39fec77899d87f3ae45fbf4_JaffaCakes118
Size

40KB
Sample

240927-z1by8szcrk
MD5

fae9e944e39fec77899d87f3ae45fbf4
SHA1

e230dd07e804b12eb238984e8da85b7ca03a8148
SHA256

e1e0b4d13fef5e47cfed1e8ceb1bfd8175799fe22ad8f18c877d85ed5a72aab8
SHA512

3dfd4ce531bb57fcc494d3e0956dcc1c807f6aa5a55751b4a5b255f1bed2e5e5a346362b3abfe485bb5e3b84c25e407a7daf5783358bec7fcb3148446fd26f42
SSDEEP

768:Q00ItI3/oAShP4R0cGiu5uJVYjsjB2rAk7wecVRXXslrRNBNAr:D0ItI3gH2ycGiu5iH1Y3caFN8

Score

10^/10

guloader discovery downloader guloader

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

document.exe

Resource

win7-20240729-en

guloader discovery downloader guloader

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

document.exe

Resource

win10v2004-20240802-en

guloader discovery downloader guloader

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

guloader

C2

https://drive.google.com/uc?export=download&id=1_C89SIhHOlv9l9ZnU366hDceUJ5YArTR

xor.base64

Targets

- Target
  
  document.exe
- Size
  
  88KB
- MD5
  
  3a29ec5e78273a5d9497afe943102c89
- SHA1
  
  b14457eed801b28dde491f6c8879def4df63ec42
- SHA256
  
  230d41b01617fcee8d5a438a5df4bc75910be2aa65e173ce11f7b1ed51c591a1
- SHA512
  
  10de5acf84a34818c35f267982b6acd131790568b37991cd8993b449d5d7a2c6403626b5c2cea58942a33a7bf1691c8850a625022408abd88ca4e034f626835f
- SSDEEP
  
  1536:L0pjfh9/kfVbJyrFDDmr7UcFETuEZsZyVoNrFDDmr7UclVbifh9/k:wXiVSFDD8nmTuEZsYEFDD8nlV+X
Score

10^/10

guloader discovery downloader guloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Guloader payload
  guloader
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloaderguloader

behavioral2

guloaderdiscoverydownloaderguloader

© 2018-2025

Terms | Privacy