guloader | d2473f318c1386699bdd8442cfe5455d44e18ec23d4b2482ffc82c7c227ab9ad | Triage

Sharing

General

Target

d2473f318c1386699bdd8442cfe5455d44e18ec23d4b2482ffc82c7c227ab9ad.exe
Size

418KB
Sample

241113-dfrcjavjfx
MD5

0b813c3349387a69277d7f8a0d20fe3d
SHA1

d0c4aa5fffba33d1f7c9c184cd3acb90f6a75650
SHA256

d2473f318c1386699bdd8442cfe5455d44e18ec23d4b2482ffc82c7c227ab9ad
SHA512

d3b46abc8583f2a12c4e202392e97679147c5d1a691e1525bcf771f89902902740e503f5856574c5e7b8ad1303036485193f48f989201cf25a1ca08c79dc8c34
SSDEEP

12288:F4FAe+jtbt1JcAfGWpfnuayZzCeFPEG6w//j:YAe+jtbt1JcAlnnGC+R/j

Score

10^/10

guloader discovery downloader

Malware Config

Targets

- Target
  
  d2473f318c1386699bdd8442cfe5455d44e18ec23d4b2482ffc82c7c227ab9ad.exe
- Size
  
  418KB
- MD5
  
  0b813c3349387a69277d7f8a0d20fe3d
- SHA1
  
  d0c4aa5fffba33d1f7c9c184cd3acb90f6a75650
- SHA256
  
  d2473f318c1386699bdd8442cfe5455d44e18ec23d4b2482ffc82c7c227ab9ad
- SHA512
  
  d3b46abc8583f2a12c4e202392e97679147c5d1a691e1525bcf771f89902902740e503f5856574c5e7b8ad1303036485193f48f989201cf25a1ca08c79dc8c34
- SSDEEP
  
  12288:F4FAe+jtbt1JcAfGWpfnuayZzCeFPEG6w//j:YAe+jtbt1JcAlnnGC+R/j
Score

10^/10

guloader discovery downloader
- Guloader family
  guloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  b0c77267f13b2f87c084fd86ef51ccfc
- SHA1
  
  f7543f9e9b4f04386dfbf33c38cbed1bf205afb3
- SHA256
  
  a0cac4cf4852895619bc7743ebeb89f9e4927ccdb9e66b1bcd92a4136d0f9c77
- SHA512
  
  f2b57a2eea00f52a3c7080f4b5f2bb85a7a9b9f16d12da8f8ff673824556c62a0f742b72be0fd82a2612a4b6dbd7e0fdc27065212da703c2f7e28d199696f66e
- SSDEEP
  
  192:4PtkiQJr7jHYT87RfwXQ6YSYtOuVDi7IsFW14Ll8CO:H78TQIgGCDp14LGC
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  Bluetooth Suite help_HUN.chm
- Size
  
  63KB
- MD5
  
  3051a739bb5569a4740b65aa4fa59f9e
- SHA1
  
  4f89dee584612e3cdbbb9d766cbddeca65708058
- SHA256
  
  098fce4f92a83a100b0b9b65d2d44d17d2c81ac688bfc5f650e2fdfc61c73d8c
- SHA512
  
  7c7d5218d0cacf01defac68c9e66177305533ab269c0aa7a78b561ff1cd81b40f0a2ad91018f6e0b7eaffa7f289ced53ee34a14a8842ec79cb3d9c6501013bb1
- SSDEEP
  
  1536:2eV+HBqsKGpvyYsR86GHN2G2LA/He8GayXqH1w6oq3Yo:jgHVIr86uNh22He8GRXS1w6oaYo
Score

1^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2

guloaderdiscoverydownloader

behavioral3

behavioral4

behavioral5

behavioral6