guloader | 4b68dccffb6601d78041a03d53b92fc1a29f9300a0b3af086be054895172cb17 | Triage

Submit
Reports

Overview

overview

Static

static

3

M810107.exe

windows7-x64

7

M810107.exe

windows10-2004-x64

Sharing

General

Target

M810107.exe
Size

168KB
Sample

241019-yctzgavaqg
MD5

c2e9eeed123e767722b9c6d98f6669d3
SHA1

4db6f259a29564c8a57b8af23ab4f48cdb74989e
SHA256

4b68dccffb6601d78041a03d53b92fc1a29f9300a0b3af086be054895172cb17
SHA512

1b41dedc441ffe31e2a269a170f980f54d585100bc9d1e585bea6d1da1757809d404d33b232177d321a0d882e39cf9834c2f470c7383093cb231a2ad32116856
SSDEEP

3072:EwJ52Y7ZoH5XJaqKz8HIoLmMRmWzjDROnhkOZoaF80hqt2xVsXXJGhbc09VLM4LY:EwHysqKzL8AMjEdbhHVWEhhVdLY

Score

10^/10

guloader discovery downloader

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

M810107.exe

Resource

win7-20241010-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

M810107.exe

Resource

win10v2004-20241007-en

guloader discovery downloader

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  M810107.exe
- Size
  
  168KB
- MD5
  
  c2e9eeed123e767722b9c6d98f6669d3
- SHA1
  
  4db6f259a29564c8a57b8af23ab4f48cdb74989e
- SHA256
  
  4b68dccffb6601d78041a03d53b92fc1a29f9300a0b3af086be054895172cb17
- SHA512
  
  1b41dedc441ffe31e2a269a170f980f54d585100bc9d1e585bea6d1da1757809d404d33b232177d321a0d882e39cf9834c2f470c7383093cb231a2ad32116856
- SSDEEP
  
  3072:EwJ52Y7ZoH5XJaqKz8HIoLmMRmWzjDROnhkOZoaF80hqt2xVsXXJGhbc09VLM4LY:EwHysqKzL8AMjEdbhHVWEhhVdLY
Score

10^/10

discovery guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

guloaderdiscoverydownloader

© 2018-2024

Terms | Privacy