guloader | 3d3752119fed970cc7e132848158f6193e8ce7f9e0a6c23f50b56c002d57de3a | Triage

Sharing

General

Target

3d3752119fed970cc7e132848158f6193e8ce7f9e0a6c23f50b56c002d57de3a.exe
Size

136KB
Sample

241123-wv5gtawlam
MD5

a33dae9378ae60792b7a379d35c3d72d
SHA1

33bd58b106f79dbafc21eea039ede3f3c8ae5bfe
SHA256

3d3752119fed970cc7e132848158f6193e8ce7f9e0a6c23f50b56c002d57de3a
SHA512

a1ca4811a4c3f77cc264d5282775f9d38029320e4b2eabbce6b373d81f1ceb554a0f4a4bb6eda9675c78a036acde9ad381ea201b618a0f1d44a3ba9ca567ab66
SSDEEP

1536:jSMJImKSOog+MxVnWzC5sWgzb7W/MEA6Jm2taMMco3vu:ll1OogjVnQCia/lAYViu

Score

10^/10

guloader discovery downloader

Malware Config

Targets

- Target
  
  3d3752119fed970cc7e132848158f6193e8ce7f9e0a6c23f50b56c002d57de3a.exe
- Size
  
  136KB
- MD5
  
  a33dae9378ae60792b7a379d35c3d72d
- SHA1
  
  33bd58b106f79dbafc21eea039ede3f3c8ae5bfe
- SHA256
  
  3d3752119fed970cc7e132848158f6193e8ce7f9e0a6c23f50b56c002d57de3a
- SHA512
  
  a1ca4811a4c3f77cc264d5282775f9d38029320e4b2eabbce6b373d81f1ceb554a0f4a4bb6eda9675c78a036acde9ad381ea201b618a0f1d44a3ba9ca567ab66
- SSDEEP
  
  1536:jSMJImKSOog+MxVnWzC5sWgzb7W/MEA6Jm2taMMco3vu:ll1OogjVnQCia/lAYViu
Score

10^/10

guloader discovery downloader
- Guloader family
  guloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2

guloaderdiscoverydownloader