guloader | 1e3400269bb6d96dd3029758c87bf265fc9b45eb91446da8eb1ee591a9bb2a7b | Triage

Submit
Reports

Overview

overview

Static

static

1

Welfab%20E...29.zip

windows10-2004-x64

Sharing

General

Target

Welfab%20Engineering%20Works%20Sdn%20Bhd%20%28605812-D%29.zip
Size

502KB
Sample

241127-kzfhpstlfm
MD5

ce2ad77d561441eba07723e8b91fe46a
SHA1

615a8b0a351db8d1188c29fa84b7230baddd3646
SHA256

1e3400269bb6d96dd3029758c87bf265fc9b45eb91446da8eb1ee591a9bb2a7b
SHA512

0b969c161a943426de284605f78d8b5c7c32f6eeec318417397a30de761c0c9f5605a3151195bc10292dbe05febddf00e814e85952e6fb005cabd07f8c9b7f12
SSDEEP

12288:ga9wb2sRWwxk+bC5h3Im1BvtI3MJeTEbU+JN0:wxWwxFbm3ImdI36egbU+0

Score

10^/10

guloader discovery downloader persistence upx

Static task

static1

Behavioral task

behavioral1

Sample

Welfab%20Engineering%20Works%20Sdn%20Bhd%20%28605812-D%29.zip

Resource

win10v2004-20241007-en

guloader discovery downloader persistence upx

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  Welfab%20Engineering%20Works%20Sdn%20Bhd%20%28605812-D%29.zip
- Size
  
  502KB
- MD5
  
  ce2ad77d561441eba07723e8b91fe46a
- SHA1
  
  615a8b0a351db8d1188c29fa84b7230baddd3646
- SHA256
  
  1e3400269bb6d96dd3029758c87bf265fc9b45eb91446da8eb1ee591a9bb2a7b
- SHA512
  
  0b969c161a943426de284605f78d8b5c7c32f6eeec318417397a30de761c0c9f5605a3151195bc10292dbe05febddf00e814e85952e6fb005cabd07f8c9b7f12
- SSDEEP
  
  12288:ga9wb2sRWwxk+bC5h3Im1BvtI3MJeTEbU+JN0:wxWwxFbm3ImdI36egbU+0
Score

10^/10

guloader discovery downloader persistence upx
- Guloader family
  guloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloaderpersistenceupx

© 2018-2024

Terms | Privacy