guloader | cd9b59ba78241886adfbed588862d62006d5a4a1a0903516e5b2fc0a7b5ece03 | Triage

Sharing

General

Target

22102024_1355_21102024_transferencia-256893035-145529-sanlccjavap0004-145.rar
Size

511KB
Sample

241022-q77vtazglk
MD5

5eb9c5a812190b63bccc6b5429544cc8
SHA1

01d813001f0b0db1b9519794581cb1b86ec80516
SHA256

cd9b59ba78241886adfbed588862d62006d5a4a1a0903516e5b2fc0a7b5ece03
SHA512

3f88b20e6149385bb9a879ffb13a267ae42cee25ded7cba7035441b28c1f22a4413436276f679b910fd05e13e85610c64c983279b06e14740278e553061d7d47
SSDEEP

12288:XTAhAdnycfcSvI99exWaCbLPt9b6jO//4XnMBOkVrHyDvoiC5JeTl3:XTAYycUQI/exWaCbLPGjyMnMNVbwvoFw

Score

10^/10

guloader discovery downloader

Malware Config

Targets

- Target
  
  transferencia-256893035-145529-sanlccjavap0004-145.exe
- Size
  
  523KB
- MD5
  
  0dfa923548c0c87e17f4b58fe18d50c2
- SHA1
  
  02297bf370ddb5998ee44b5f45289bfad33f157c
- SHA256
  
  0bfd1449856fa8814c4d16e77e1ac018c3a265328c4b3819775c31a3e89c0a22
- SHA512
  
  79a748ae4377823b40f42b0d703b76cd3fea096e92ae734b73129014e6d2a17d027f83248dbb9bade9745ef1598318215d9e683f9bee3130e726e55ad1c33dcc
- SSDEEP
  
  12288:DMWZ/o0AK0/WAxhrHJluQrNlxWW5xsjmFs+ZHmkHN3HiPCpfBVx:IAgxX/WA/zXgeMIHnHpHiwV
Score

10^/10

guloader discovery downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  cf85183b87314359488b850f9e97a698
- SHA1
  
  6b6c790037eec7ebea4d05590359cb4473f19aea
- SHA256
  
  3b6a5cb2a3c091814fce297c04fb677f72732fb21615102c62a195fdc2e7dfac
- SHA512
  
  fe484b3fc89aeed3a6b71b90b90ea11a787697e56be3077154b6ddc2646850f6c38589ed422ff792e391638a80a778d33f22e891e76b5d65896c6fb4696a2c3b
- SSDEEP
  
  96:3IsUxO9udx4qYp7AJb76BykUbQMtHUOA5Iv+RnsrqeXV+d1g2IW9t2c+cEwF9oug:YVL7ikJb76BQUoUm+RnyXVYO2RvHoug
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2

guloaderdiscoverydownloader

behavioral3

behavioral4