guloader | 2287a97cf2d6372b8d60b9b1bb7d3d1b712605b33993868724ad8402261785e5 | Triage

Sharing

General

Target

Bestellung.vbs
Size

1.1MB
Sample

241017-lfww1svfmn
MD5

fb74f970b27703e29d97dda20ce839fc
SHA1

bb60d1e8a7d4ebee9651f97cf8d4b77eba3d4f9d
SHA256

2287a97cf2d6372b8d60b9b1bb7d3d1b712605b33993868724ad8402261785e5
SHA512

32e715fba256862bc0e39eab9f248315d5d9048a0f41f3a8fa9f2e0b3ef656a75f144093b80bbe76527cd0de90cb33df63f9df2c9f51719b941f8da437cd715c
SSDEEP

12288:suQGQZybQ9+p/0ebOfesj7KCsGXwbFHAhqGAYZEup/RY9VzBoJhTtxlkPpmkdmg6:sukcT/mxxIFHZhoY9VzBoJp4Vmwa

Score

10^/10

guloader discovery downloader

Malware Config

Targets

- Target
  
  Bestellung.vbs
- Size
  
  1.1MB
- MD5
  
  fb74f970b27703e29d97dda20ce839fc
- SHA1
  
  bb60d1e8a7d4ebee9651f97cf8d4b77eba3d4f9d
- SHA256
  
  2287a97cf2d6372b8d60b9b1bb7d3d1b712605b33993868724ad8402261785e5
- SHA512
  
  32e715fba256862bc0e39eab9f248315d5d9048a0f41f3a8fa9f2e0b3ef656a75f144093b80bbe76527cd0de90cb33df63f9df2c9f51719b941f8da437cd715c
- SSDEEP
  
  12288:suQGQZybQ9+p/0ebOfesj7KCsGXwbFHAhqGAYZEup/RY9VzBoJhTtxlkPpmkdmg6:sukcT/mxxIFHZhoY9VzBoJp4Vmwa
Score

10^/10

discovery guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

guloaderdiscoverydownloader