guloader | dc221854c9102e1b98cd34e1dd075894e729e2b42634382baca6f35be94875bb | Triage

Sharing

General

Target

dc221854c9102e1b98cd34e1dd075894e729e2b42634382baca6f35be94875bb
Size

590KB
Sample

241114-dv7m3atgkr
MD5

e0072e8f6e8166cda1c0b3fed59f7ed0
SHA1

bbc5b0bced26273db1261557f503537ae93911d8
SHA256

dc221854c9102e1b98cd34e1dd075894e729e2b42634382baca6f35be94875bb
SHA512

f9b497038002d46990681af2410983c90e81f86803b433671accecc292e8b7ec0040345ae3c1215dd83caee97f6347b3d4b3e6eba24540d300451224e8b19889
SSDEEP

12288:V5RPxLcMMvMMMMMMMMMMMMMMtMMMMMMMMMMMMMMMMMMRKz7y1CHhW8SilZJfWGkl:pPxLcMMvMMMMMMMMMMMMMMtMMMMMMMMf

Score

10^/10

guloader discovery downloader

Malware Config

Targets

- Target
  
  dc221854c9102e1b98cd34e1dd075894e729e2b42634382baca6f35be94875bb
- Size
  
  590KB
- MD5
  
  e0072e8f6e8166cda1c0b3fed59f7ed0
- SHA1
  
  bbc5b0bced26273db1261557f503537ae93911d8
- SHA256
  
  dc221854c9102e1b98cd34e1dd075894e729e2b42634382baca6f35be94875bb
- SHA512
  
  f9b497038002d46990681af2410983c90e81f86803b433671accecc292e8b7ec0040345ae3c1215dd83caee97f6347b3d4b3e6eba24540d300451224e8b19889
- SSDEEP
  
  12288:V5RPxLcMMvMMMMMMMMMMMMMMtMMMMMMMMMMMMMMMMMMRKz7y1CHhW8SilZJfWGkl:pPxLcMMvMMMMMMMMMMMMMMtMMMMMMMMf
Score

10^/10

guloader discovery downloader
- Guloader family
  guloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  dd87a973e01c5d9f8e0fcc81a0af7c7a
- SHA1
  
  c9206ced48d1e5bc648b1d0f54cccc18bf643a14
- SHA256
  
  7fb0f8d452fefaac789986b933df050f3d3e4feb8a8d9944ada995f572dcdca1
- SHA512
  
  4910b39b1a99622ac8b3c42f173bbe7035ac2f8d40c946468e7db7e2868a2da81ea94da453857f06f39957dd690c7f1ba498936a7aaa0039975e472376f92e8f
- SSDEEP
  
  192:VFiQJ77pJp17C8F1A5xjGNxrgFOgb7lrT/993:97pJp48F2exrg5F/9
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  Pissant.Oth
- Size
  
  307KB
- MD5
  
  94eadbf91852b8c94fc8d0573686e6ac
- SHA1
  
  d5dbfac6ae55acdd19d0eb76600abc1f58af4915
- SHA256
  
  79cf086ab60ead9bcf17a5a1b11aaae3ccf6a1307031332cd9aa82ecb59cce35
- SHA512
  
  90fd1bb36de7e7ea084c7bd89372032a19eb58eefdabcaf2b56b3002b367399f25b642069ba57f5173d1253f50964c068d0f81da3dc760c4cfdac6e4958edbde
- SSDEEP
  
  6144:jXM5ZpeaorwXv7HauPpHmSq9rIkUxFRoJyNXaLjG+PUZF/dnwQ:DM5ZpywXvbaupI+vRcyNXa5PGFx
Score

3^/10

discovery
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2

guloaderdiscoverydownloader

behavioral3

behavioral4

behavioral5

behavioral6