guloader | 59c46bca7b151554f067bb4a5bad03c984db9d1d2eda59124495f399741e7897 | Triage

Sharing

General

Target

Dannebrogsordnen.exe
Size

708KB
Sample

241017-qq8e1ssfrm
MD5

f259324bd799aa19142a7aadce371900
SHA1

5c977b560c2aa6e7e016388c8c5737688ba8016f
SHA256

59c46bca7b151554f067bb4a5bad03c984db9d1d2eda59124495f399741e7897
SHA512

539d881b45e98433868c2ed2be341af04987af2736e47b6160dcd30d3bbe7e57f7c54e2db539b238bdbc0f7ce1860620e5d2791b5b8ff38ae978ed1bff0e4d5b
SSDEEP

12288:grgjBLiIK2WVy/YqpupTj+aRIGvVg8LYCI2ugcY97FB95ByrhXmmwMRzcLSIHp:g0jBiIK2R/5pupbIGu0Y7ncr2XjZcWIJ

Score

10^/10

guloader discovery downloader

Malware Config

Targets

- Target
  
  Dannebrogsordnen.exe
- Size
  
  708KB
- MD5
  
  f259324bd799aa19142a7aadce371900
- SHA1
  
  5c977b560c2aa6e7e016388c8c5737688ba8016f
- SHA256
  
  59c46bca7b151554f067bb4a5bad03c984db9d1d2eda59124495f399741e7897
- SHA512
  
  539d881b45e98433868c2ed2be341af04987af2736e47b6160dcd30d3bbe7e57f7c54e2db539b238bdbc0f7ce1860620e5d2791b5b8ff38ae978ed1bff0e4d5b
- SSDEEP
  
  12288:grgjBLiIK2WVy/YqpupTj+aRIGvVg8LYCI2ugcY97FB95ByrhXmmwMRzcLSIHp:g0jBiIK2R/5pupbIGu0Y7ncr2XjZcWIJ
Score

10^/10

discovery guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  dd87a973e01c5d9f8e0fcc81a0af7c7a
- SHA1
  
  c9206ced48d1e5bc648b1d0f54cccc18bf643a14
- SHA256
  
  7fb0f8d452fefaac789986b933df050f3d3e4feb8a8d9944ada995f572dcdca1
- SHA512
  
  4910b39b1a99622ac8b3c42f173bbe7035ac2f8d40c946468e7db7e2868a2da81ea94da453857f06f39957dd690c7f1ba498936a7aaa0039975e472376f92e8f
- SSDEEP
  
  192:VFiQJ77pJp17C8F1A5xjGNxrgFOgb7lrT/993:97pJp48F2exrg5F/9
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

guloaderdiscoverydownloader

behavioral3

behavioral4