guloader | b555baba6a73cce90d70d824e74c65aa6ee662ccf20e41fa35cc0821f3719299 | Triage

Sharing

General

Target

05102024_0058_04102024_pago doc100424 PDF.rar
Size

427KB
Sample

241005-bbpl2awdlq
MD5

7576b04f309394a7ea3b60431ae17458
SHA1

af31ca72d2893c739b5f0d3028b6247865b4c979
SHA256

b555baba6a73cce90d70d824e74c65aa6ee662ccf20e41fa35cc0821f3719299
SHA512

dc8439499ff82128852f7e1dea54771d8dd6cb7a6585e45c86bcadb5dc12a626fc85a1066dd71eb932674d9abc568c1c145642817132db51b8c184042cad698b
SSDEEP

12288:8Hanhj0tj5MPe1tEfh1ODJ3Mway2/V9HU7Y0:tnF0Vx1WfvOD9Mwfo901

Score

10^/10

guloader discovery downloader

Malware Config

Targets

- Target
  
  subadditively.exe
- Size
  
  555KB
- MD5
  
  f759efa36771423aeebc76c01a9489a5
- SHA1
  
  7c6d5b42de4816f2fdf5435effe2c044a2eda4d5
- SHA256
  
  e1b0efc264c4e6a272d62db808664c9dacb4984efc53810cf3c9a0e993e1ee56
- SHA512
  
  ab144828d1b176f32919bc0ee9b149870c1f8cee88c7238e5a67c74afad6ca9246ca8a20862e755b168a681fd5f68955f840374ce20c83523ad60e1a9195d86a
- SSDEEP
  
  12288:Da4KLc5c8FInuk8C4DZQpQ45tQ/USU4xp:mfjnuk8NKpDtQ/RU4
Score

10^/10

guloader discovery downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  8b3830b9dbf87f84ddd3b26645fed3a0
- SHA1
  
  223bef1f19e644a610a0877d01eadc9e28299509
- SHA256
  
  f004c568d305cd95edbd704166fcd2849d395b595dff814bcc2012693527ac37
- SHA512
  
  d13cfd98db5ca8dc9c15723eee0e7454975078a776bce26247228be4603a0217e166058ebadc68090afe988862b7514cb8cb84de13b3de35737412a6f0a8ac03
- SSDEEP
  
  192:ex24sihno00Wfl97nH6BenXwWobpWBTtvShJ5omi7dJWjOlESlS:h8QIl972eXqlWBFSt273YOlEz
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2

guloaderdiscoverydownloader

behavioral3

behavioral4