guloader | 859571a129deed67ebc60c7e2e5d48b1e1282121e11d1d696e9cac88fa7c3643 | Triage

Resubmissions

24-10-2024 15:47

241024-s77adswhlp 10

24-10-2024 15:44

241024-s6mvcs1flg 10

Sharing

General

Target

PTHAV002_2024-10-24_15_43_35.016.zip
Size

787KB
Sample

241024-s77adswhlp
MD5

5a2c6cfffcac05ee6c740c0f7565375e
SHA1

a097fa2843dd14bcfb671e65d2a6c1609cc583fd
SHA256

859571a129deed67ebc60c7e2e5d48b1e1282121e11d1d696e9cac88fa7c3643
SHA512

2a29df18728198eef81a8c568e81d47aad79826d38f15aad54be5c260a9528a2a86ebb4a3126a15a127efff5cbee21765abac51fd83a0b84889858ef1971f197
SSDEEP

24576:n/JgJcJ7c3Zd02xS3KNcFz3As/MFdL4qNj:nhgJc5cpd02x9cFzzYXNj

Score

10^/10

guloader discovery downloader

Malware Config

Targets

- Target
  
  PTHAV002_2024-10-24_15_43_35.016.zip
- Size
  
  787KB
- MD5
  
  5a2c6cfffcac05ee6c740c0f7565375e
- SHA1
  
  a097fa2843dd14bcfb671e65d2a6c1609cc583fd
- SHA256
  
  859571a129deed67ebc60c7e2e5d48b1e1282121e11d1d696e9cac88fa7c3643
- SHA512
  
  2a29df18728198eef81a8c568e81d47aad79826d38f15aad54be5c260a9528a2a86ebb4a3126a15a127efff5cbee21765abac51fd83a0b84889858ef1971f197
- SSDEEP
  
  24576:n/JgJcJ7c3Zd02xS3KNcFz3As/MFdL4qNj:nhgJc5cpd02x9cFzzYXNj
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  Device/HarddiskVolume4/Users/belia.peso.IBEROSTARHV.000/AppData/Local/Temp/Rar$EXa7092.35635/factura 563423.exe
- Size
  
  901KB
- MD5
  
  6cb35cad38c80bbb552c99caf75f9371
- SHA1
  
  f1dcc7d9805738aaf1f30b32383674ea30706269
- SHA256
  
  057e7554f7a499adfd2c0a3485675fef4f602b23e2e0a1fd4e07da5b993e4ebf
- SHA512
  
  638594b7228a8e747c34f1ab7916774feaff1ce58e875e64bb28cc6742472a305c5aa06e709ec708aad990d9e78ce828509af8a575b3fe62082699de1bb81734
- SSDEEP
  
  12288:TSlZI9dcNnPmsS7wkJW7DQFeh2FCCMntz6I8128TsXULDh+gDBf6j4Ydcv+l:2lTnpc/J2d2UVf+DLD1BbYGW
Score

10^/10

guloader discovery downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  cf85183b87314359488b850f9e97a698
- SHA1
  
  6b6c790037eec7ebea4d05590359cb4473f19aea
- SHA256
  
  3b6a5cb2a3c091814fce297c04fb677f72732fb21615102c62a195fdc2e7dfac
- SHA512
  
  fe484b3fc89aeed3a6b71b90b90ea11a787697e56be3077154b6ddc2646850f6c38589ed422ff792e391638a80a778d33f22e891e76b5d65896c6fb4696a2c3b
- SSDEEP
  
  96:3IsUxO9udx4qYp7AJb76BykUbQMtHUOA5Iv+RnsrqeXV+d1g2IW9t2c+cEwF9oug:YVL7ikJb76BQUoUm+RnyXVYO2RvHoug
Score

3^/10

discovery
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

guloaderdiscoverydownloader

behavioral4

guloaderdiscoverydownloader

behavioral5

behavioral6