guloader | 30c62853cfb5c479bfc53ce608a909084ba327d13dc71f00d3da7a4ddbcaff93 | Triage

Sharing

General

Target

30c62853cfb5c479bfc53ce608a909084ba327d13dc71f00d3da7a4ddbcaff93.img
Size

2.0MB
Sample

241009-1gfnravclm
MD5

a8b345867ad2504ec98250dfd955f31f
SHA1

42263c85d8cb46740255dae736758cdcfecb1ff8
SHA256

30c62853cfb5c479bfc53ce608a909084ba327d13dc71f00d3da7a4ddbcaff93
SHA512

9a337142d3e23db9c47af2d033de8451f435da5324c91a2b9d08159403e3f334f9e1d5a4cad073d4f81c4f531a47def0d6bb26850fe23649175c5b4b94d87184
SSDEEP

49152:ckb5+o4wwb3BwbylFZ1l7wQokD09OuPWH:ckFv4wat7wQHaWH

Score

10^/10

guloader discovery downloader

Malware Config

Targets

- Target
  
  RENDELÉSI szám 4956655r7e-pdf.exe
- Size
  
  1.4MB
- MD5
  
  a951367936161bc1dbb20eb588a6da95
- SHA1
  
  f1031fbc04c659943c2a34d2f45490b36ed2cc6a
- SHA256
  
  b5233a8b0c90711e8382d0898799c86c61ad1a1d6f93c0105057ec4bd199ca4f
- SHA512
  
  a0cc882022535f43bd7b6d2d2d931755b88468185801eff2233e7226b873ee73ec06a1c860ccb2509b32778b565998e8407192901c0e4560ff3ec9fb481cc455
- SSDEEP
  
  24576:4Kk6Zhc5+m5Ruww7T0OTRYoBLwbpclU12Z1owyMsMtBH9I9QoP8YfyWhk2xRUAS5:9kb5+o4wwb3BwbylFZ1l7wQokD09OuPE
Score

10^/10

guloader discovery downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  ftc.one
- Size
  
  136KB
- MD5
  
  0cf69cfeb93306d3b605a92b66aaaef7
- SHA1
  
  6d262926babe54c4f323cb1ab0db68bd2255fd99
- SHA256
  
  4f33715442e71463834659002c783a27f5a04910cdc2b7b36a85f7d27432f742
- SHA512
  
  6f1e78f4bd09ccd639ffaccf231edbe79d9cd43c95eab51510af06c0882d90a373d4a18c303c179aa8ab40e5b6c1b426a692ac75b96b9620231b18d1f6abdaab
- SSDEEP
  
  3072:GprlOErj1GvHQ1mzTOYAaLxWzisMM4VP8R20wSj2:GpwrPlzTBAix+MXVbXSj2
Score

4^/10

discovery
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2

guloaderdiscoverydownloader

behavioral3

behavioral4

behavioral5

behavioral6