guloader | 8c09ef66ed1727bbffd30616609a863f23753d96351a4d363cd9934a253bebcf | Triage

Sharing

General

Target

08102024_1552_07102024_doc071024.rar
Size

467KB
Sample

241008-tegdyatfrq
MD5

cfa6c1878e28d1a36c83afea76adcdf3
SHA1

13363d2cca6e0325a3dc2802a713ebebd5432995
SHA256

8c09ef66ed1727bbffd30616609a863f23753d96351a4d363cd9934a253bebcf
SHA512

df5196e770ec723c3e4be7201acc9bda35b9552145f55f8296785075b6925bc800ddb4a2272fabb211c0001e444574db08451eeeeadd68b2af90a503dd1da1d1
SSDEEP

12288:ZNIog8U/uEV0nt5jZN2PXVuxjIggTEwtAKU3nn+M:ZtDU/pV0nDjZUX8NIgg1tAKUZ

Score

10^/10

guloader discovery downloader

Malware Config

Targets

- Target
  
  Percolator118.exe
- Size
  
  611KB
- MD5
  
  79d24110039455ea1adf512f677555c5
- SHA1
  
  7d299570abb877e5aa0ed939423d8745e990baee
- SHA256
  
  4fdc7af86220a1968795c45d06322fa592103d166876814e7f0140faee1398a8
- SHA512
  
  a238e140f013bbde7b37bfbf1eaab9a68fff7eac75c73fe9f7b034701bcf4b5259ecacd52e4bc9963f7792c3c4f2f3653f10eabc14c3d55fd2af29f2c812ff5a
- SSDEEP
  
  12288:s22tQucNsuV23uYIdxJnPi1JwMMq906OL8Zq:s22twVV0u5x5PigX6OX
Score

10^/10

guloader discovery downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  3f176d1ee13b0d7d6bd92e1c7a0b9bae
- SHA1
  
  fe582246792774c2c9dd15639ffa0aca90d6fd0b
- SHA256
  
  fa4ab1d6f79fd677433a31ada7806373a789d34328da46ccb0449bbf347bd73e
- SHA512
  
  0a69124819b7568d0dea4e9e85ce8fe61c7ba697c934e3a95e2dcfb9f252b1d9da7faf8774b6e8efd614885507acc94987733eba09a2f5e7098b774dfc8524b6
- SSDEEP
  
  192:OPtkumJX7zB22kGwfy0mtVgkCPOsX1un:/702k5qpdsXQn
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2

guloaderdiscoverydownloader

behavioral3

behavioral4