guloader | 9b00715d77438200a4f54fa8f47ac17aab0cc166e95fc6737c2a78021b69a64e | Triage

Sharing

General

Target

9b00715d77438200a4f54fa8f47ac17aab0cc166e95fc6737c2a78021b69a64e.exe
Size

618KB
Sample

241009-cgp1eswere
MD5

18fb2cccaa9ac71624eaceada006e938
SHA1

a25055a3b29ce0ee64d7e20eccced0f72ec737db
SHA256

9b00715d77438200a4f54fa8f47ac17aab0cc166e95fc6737c2a78021b69a64e
SHA512

5828d7ee60e66afac8d3650930ed8556adc9693ab32ca872cc16f71382568baa471827cee1162393b7bce2c725965bd92377e7960225e43e00aef87754a2215d
SSDEEP

6144:SyI5s2239XH7ySqrVWOqnBRryl2sIgghQtUnQl8uFfKIn4jma8LIwJzSdfoVLg68:H22tH7L0kel2sInQDlxnPn906OLhsI

Score

10^/10

guloader discovery downloader

Malware Config

Targets

- Target
  
  9b00715d77438200a4f54fa8f47ac17aab0cc166e95fc6737c2a78021b69a64e.exe
- Size
  
  618KB
- MD5
  
  18fb2cccaa9ac71624eaceada006e938
- SHA1
  
  a25055a3b29ce0ee64d7e20eccced0f72ec737db
- SHA256
  
  9b00715d77438200a4f54fa8f47ac17aab0cc166e95fc6737c2a78021b69a64e
- SHA512
  
  5828d7ee60e66afac8d3650930ed8556adc9693ab32ca872cc16f71382568baa471827cee1162393b7bce2c725965bd92377e7960225e43e00aef87754a2215d
- SSDEEP
  
  6144:SyI5s2239XH7ySqrVWOqnBRryl2sIgghQtUnQl8uFfKIn4jma8LIwJzSdfoVLg68:H22tH7L0kel2sInQDlxnPn906OLhsI
Score

10^/10

guloader discovery downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  3f176d1ee13b0d7d6bd92e1c7a0b9bae
- SHA1
  
  fe582246792774c2c9dd15639ffa0aca90d6fd0b
- SHA256
  
  fa4ab1d6f79fd677433a31ada7806373a789d34328da46ccb0449bbf347bd73e
- SHA512
  
  0a69124819b7568d0dea4e9e85ce8fe61c7ba697c934e3a95e2dcfb9f252b1d9da7faf8774b6e8efd614885507acc94987733eba09a2f5e7098b774dfc8524b6
- SSDEEP
  
  192:OPtkumJX7zB22kGwfy0mtVgkCPOsX1un:/702k5qpdsXQn
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2

guloaderdiscoverydownloader

behavioral3

behavioral4