guloader | 28d29ff8363e71797bd687b5d42b715633e42ce76f4649c7ae68f5a229a36ac9 | Triage

Sharing

General

Target

22102024_1637_22102024_factura.rar
Size

517KB
Sample

241022-t4xr8avbrc
MD5

aa95b8dce0cab17377d6bfa3fcc4fd20
SHA1

95d25cc7e38e384c184a972485477c4b237085cb
SHA256

28d29ff8363e71797bd687b5d42b715633e42ce76f4649c7ae68f5a229a36ac9
SHA512

1205a97578272981eac837d62871a25bc9b8f009a7c9a4fdefd33a26a0e85f7092d7b673c9ef98657b742a92b47089b6e5eefbe9dba07bcc9436b936fe8b9d5e
SSDEEP

12288:YjX6n3doaMyyJR272qeTx2MD4SkEc4aOSM0sjvjD9fyvyGuZm3yVL:YjX6n3doeyJUi58SkEQOH0sjX9kyGM0q

Score

10^/10

guloader discovery downloader

Malware Config

Targets

- Target
  
  Gansa.exe
- Size
  
  529KB
- MD5
  
  8ef9b2c45f53d18d18a7da795d5a6a50
- SHA1
  
  353bb94c823123080c9c06e2f05fdd2fc5dd9b77
- SHA256
  
  8602f2a77c0f0829d49f4ad809b8edf2dc3f86d89cf067e02718edda51ef0ab0
- SHA512
  
  af3afdcbb1521088a2e8b4cb30b16cd9fa97cb1a61ea4bcf8c1ae5cf55cb6a0c66c5ce0f6b95d40d5bcc0173586a65f4186aedcf9d7c0a4e3dd6332b0676572c
- SSDEEP
  
  12288:DMSfP91E/UwWb8FKQBmuipC4HKzvgmBQ6Ds+ZHmkHN3HiPCpfBVx:ISN1UFWgFKQXi9HKZ2eHnHpHiwV
Score

10^/10

guloader discovery downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  cf85183b87314359488b850f9e97a698
- SHA1
  
  6b6c790037eec7ebea4d05590359cb4473f19aea
- SHA256
  
  3b6a5cb2a3c091814fce297c04fb677f72732fb21615102c62a195fdc2e7dfac
- SHA512
  
  fe484b3fc89aeed3a6b71b90b90ea11a787697e56be3077154b6ddc2646850f6c38589ed422ff792e391638a80a778d33f22e891e76b5d65896c6fb4696a2c3b
- SSDEEP
  
  96:3IsUxO9udx4qYp7AJb76BykUbQMtHUOA5Iv+RnsrqeXV+d1g2IW9t2c+cEwF9oug:YVL7ikJb76BQUoUm+RnyXVYO2RvHoug
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2

guloaderdiscoverydownloader

behavioral3

behavioral4