guloader | ceb4c98e16542d62830e3cfc3267522c208bd92c9a0ee0c8b715ecf1f63c2a26 | Triage

Sharing

General

Target

376ba06feee16467464fb8a765830c17b65e49f38d07369db1a0eb586fa6ae20.zip
Size

653KB
Sample

241119-2fzkxayqaq
MD5

674cd14a1ae0b9a3671d68ebfe3c990c
SHA1

0bb4d2e84a4be863447af67db7cf0f4720d59e7e
SHA256

ceb4c98e16542d62830e3cfc3267522c208bd92c9a0ee0c8b715ecf1f63c2a26
SHA512

9529f19bf747b7e9f21857ca625cfacaf75d9338f747927df283bca0ad80bb575a84dda3a0f301a8b78a1a9d24947cc86c5505b33272d31e1fbd2c84376ef783
SSDEEP

12288:hGrJgIwQuBTDRqpD0wiEq6DY0dv5/n+iHsu1JV5xQpBl9/Us:ArJgX1/RNwiEqBu4gpMfl9cs

Score

10^/10

guloader discovery downloader execution macos

Malware Config

Targets

- Target
  
  PO 00009876660887666000.bat
- Size
  
  756KB
- MD5
  
  a17e477f9d45342182f01cac527c0c1f
- SHA1
  
  403e5d7d981f01b967e36dd98e06e70c9d7acf0c
- SHA256
  
  783b5b92ea44666e1521eed1d7688f1bdf9044e83ac39258f9905397f52677dd
- SHA512
  
  d3d8d4cf712a175ca0d61b44cab482d49166c15228c04c5c1da0984f80c40a9f848a2407f8696a660d6567ee1ee7468bbd95b1876f891be68a5028a2477c849a
- SSDEEP
  
  12288:52SLJDgeOPVpmYLlKmxvIv2NeXLoSIlAz44XsZZqStdNx57YDXmpcD:5hLJwrmSsmqv2Ne7oSZMX7jftYD2uD
Score

10^/10

discovery execution guloader downloader
- Guloader family
  guloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  3d366250fcf8b755fce575c75f8c79e4
- SHA1
  
  2ebac7df78154738d41aac8e27d7a0e482845c57
- SHA256
  
  8bdd996ae4778c6f829e2bcb651c55efc9ec37eeea17d259e013b39528dddbb6
- SHA512
  
  67d2d88de625227ccd2cb406b4ac3a215d1770d385c985a44e2285490f49b45f23ce64745b24444e2a0f581335fda02e913b92781043e8dfd287844435ba9094
- SSDEEP
  
  96:cjHFiKaoggCtJzTlKXb0tbo68qD853Ns7GgmkNG3m+s:9bogRtJzTlNR8qD85uGgmkNP
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  Ergmeter/Lakkendes.app
- Size
  
  385KB
- MD5
  
  da3ed908344193898556f3c139bf7749
- SHA1
  
  64df38add6696bd80a8b49ec323d3ea0f2104a73
- SHA256
  
  e4e9cb0519f421b4e7c3ce98cc3593e0f7132d03e77bbf4c9c7ac79f6a0c91ff
- SHA512
  
  8abaa18591073c4713020ce472ec63ba7a11972b37122a61664b839bcf7e6ae3dd5fc50c7182bff81c2c8a1e3f5efd3b0b4d2276902a29e6142308c9ec6c2560
- SSDEEP
  
  768:h3SB1CIjuzltYBN+qSQ8kFxVWUyCVQMHsQUYc6lQsscOykwQrT0YKMZp/Z+yItJI:kBgUOUVBXQkR4ZshtODlHZGx3Pjl5+
Score

1^/10
behavioral5

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

guloaderdiscoverydownloaderexecution

behavioral3

behavioral4

behavioral5