guloader | d2466a6cb196042b1584959065b5ccb4d5f3eff5687ed2f1215095ffea3ed052 | Triage

Submit
Reports

Overview

overview

Static

static

1

d2466a6cb1...52.exe

windows7-x64

7

d2466a6cb1...52.exe

windows10-2004-x64

Sharing

General

Target

d2466a6cb196042b1584959065b5ccb4d5f3eff5687ed2f1215095ffea3ed052.exe
Size

716KB
Sample

241120-qgjqas1rbl
MD5

79e6e747664d222e92b6cc8fff6ad012
SHA1

4915fc50dc5b59e8da01f981640d735960612185
SHA256

d2466a6cb196042b1584959065b5ccb4d5f3eff5687ed2f1215095ffea3ed052
SHA512

53dfd854a5b55171dfd15d824163745aa061dc66f100253dbb9f1e7d0ff26e824bd5c720bee6fbe2a932dac2f1166b24ea070a602bfe8f507269afda42aa4bbb
SSDEEP

12288:7rgjBLiIK2WVy/YqpuL9uOUqTHF3WORPvJ2ugcYEjMwcT/hXmmwMRzcLSIHMqF:70jBiIK2R/5puhuTqbFNpnVMwkXjZcWW

Score

10^/10

guloader discovery downloader

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d2466a6cb196042b1584959065b5ccb4d5f3eff5687ed2f1215095ffea3ed052.exe

Resource

win7-20240903-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

d2466a6cb196042b1584959065b5ccb4d5f3eff5687ed2f1215095ffea3ed052.exe

Resource

win10v2004-20241007-en

guloader discovery downloader

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  d2466a6cb196042b1584959065b5ccb4d5f3eff5687ed2f1215095ffea3ed052.exe
- Size
  
  716KB
- MD5
  
  79e6e747664d222e92b6cc8fff6ad012
- SHA1
  
  4915fc50dc5b59e8da01f981640d735960612185
- SHA256
  
  d2466a6cb196042b1584959065b5ccb4d5f3eff5687ed2f1215095ffea3ed052
- SHA512
  
  53dfd854a5b55171dfd15d824163745aa061dc66f100253dbb9f1e7d0ff26e824bd5c720bee6fbe2a932dac2f1166b24ea070a602bfe8f507269afda42aa4bbb
- SSDEEP
  
  12288:7rgjBLiIK2WVy/YqpuL9uOUqTHF3WORPvJ2ugcYEjMwcT/hXmmwMRzcLSIHMqF:70jBiIK2R/5puhuTqbFNpnVMwkXjZcWW
Score

10^/10

discovery guloader downloader
- Guloader family
  guloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

guloaderdiscoverydownloader

© 2018-2024

Terms | Privacy