guloader | 0a8ff64746da744aa38e9fc9365d3f64dc456745300412ab15511f8e0484d30b | Triage

Sharing

General

Target

0a8ff64746da744aa38e9fc9365d3f64dc456745300412ab15511f8e0484d30b.exe
Size

168KB
Sample

241202-g2n13ssrhy
MD5

d051b2db07d9ecd41b3ce1b3c98912d2
SHA1

95c7ad344e805f3b6dc82836fb9ef17c1d3d01e0
SHA256

0a8ff64746da744aa38e9fc9365d3f64dc456745300412ab15511f8e0484d30b
SHA512

db4d58b294b3d452fb761c448b4bf6f35c89ae8715497097ca647a7fd0708630ebd28e772274e1b486798cabfac0709869acd613172579fe8cd28c1df460dff2
SSDEEP

3072:PPjxQCdIyVliXEcmIVk4wrWtdkwxWrEm7dl561Sv9EilT0vHKDp0PXjcGQ1R:PDfeitwxKPziSv9EilTOHKDWPTcGqR

Score

10^/10

guloader discovery downloader

Malware Config

Targets

- Target
  
  0a8ff64746da744aa38e9fc9365d3f64dc456745300412ab15511f8e0484d30b.exe
- Size
  
  168KB
- MD5
  
  d051b2db07d9ecd41b3ce1b3c98912d2
- SHA1
  
  95c7ad344e805f3b6dc82836fb9ef17c1d3d01e0
- SHA256
  
  0a8ff64746da744aa38e9fc9365d3f64dc456745300412ab15511f8e0484d30b
- SHA512
  
  db4d58b294b3d452fb761c448b4bf6f35c89ae8715497097ca647a7fd0708630ebd28e772274e1b486798cabfac0709869acd613172579fe8cd28c1df460dff2
- SSDEEP
  
  3072:PPjxQCdIyVliXEcmIVk4wrWtdkwxWrEm7dl561Sv9EilT0vHKDp0PXjcGQ1R:PDfeitwxKPziSv9EilTOHKDWPTcGqR
Score

10^/10

guloader discovery downloader
- Guloader family
  guloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2

guloaderdiscoverydownloader