guloader | 73185ca722aaf23e411b426b81a98252eb2b01f6a627a2f23f39fa720b627ef5 | Triage

Sharing

General

Target

PO-RFQ-824-URGENT-SUPPLY.com.exe
Size

634KB
Sample

241202-qfjc5svlfy
MD5

9fb87b191acd735806406f58b4b75642
SHA1

36720914dea91065657aa385b9c6b53d797c6a04
SHA256

73185ca722aaf23e411b426b81a98252eb2b01f6a627a2f23f39fa720b627ef5
SHA512

265be0285bdb176516d4fe620b2556defa6a5e02cf63b92647bd5b8445b2147b22ac05b2149a1201d771f904462c3f3290d62daa0c899774bd1599af67cbe644
SSDEEP

12288:2ZPsXk8zK2RKIkMuy3SLS2bKuWdTukT5COHbZrCsTx6I+0e:CWhRJkM7SxWYuC4bDTxX+0e

Score

10^/10

guloader discovery downloader

Malware Config

Targets

- Target
  
  PO-RFQ-824-URGENT-SUPPLY.com.exe
- Size
  
  634KB
- MD5
  
  9fb87b191acd735806406f58b4b75642
- SHA1
  
  36720914dea91065657aa385b9c6b53d797c6a04
- SHA256
  
  73185ca722aaf23e411b426b81a98252eb2b01f6a627a2f23f39fa720b627ef5
- SHA512
  
  265be0285bdb176516d4fe620b2556defa6a5e02cf63b92647bd5b8445b2147b22ac05b2149a1201d771f904462c3f3290d62daa0c899774bd1599af67cbe644
- SSDEEP
  
  12288:2ZPsXk8zK2RKIkMuy3SLS2bKuWdTukT5COHbZrCsTx6I+0e:CWhRJkM7SxWYuC4bDTxX+0e
Score

10^/10

discovery guloader downloader
- Guloader family
  guloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  8cf2ac271d7679b1d68eefc1ae0c5618
- SHA1
  
  7cc1caaa747ee16dc894a600a4256f64fa65a9b8
- SHA256
  
  6950991102462d84fdc0e3b0ae30c95af8c192f77ce3d78e8d54e6b22f7c09ba
- SHA512
  
  ce828fb9ecd7655cc4c974f78f209d3326ba71ced60171a45a437fc3fff3bd0d69a0997adaca29265c7b5419bdea2b17f8cc8ceae1b8ce6b22b7ed9120bb5ad3
- SSDEEP
  
  192:BenY0qWTlt70IAj/lQ0sEWc/wtYbBH2aDybC7y+XB9IwL:B8+Qlt70Fj/lQRY/9VjjlL
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  Native.Scr
- Size
  
  435KB
- MD5
  
  9235d32bb764363786895f9ffa0d994c
- SHA1
  
  393c7b344a30d8dc1ce67641f71bd7608bc05ba1
- SHA256
  
  5774835f183440bf2aad498411292ff1b8fcd23b30a15eb7c950222af86a03d0
- SHA512
  
  1a93647c73026ff7cc63df5300ec4c77d63e52a049fd26445ddeaf971d6767783f0ece99dc5be839602f905b9758f59e0b4d90850f077ba7627b3e43d7ba8f81
- SSDEEP
  
  1536:05tRxm6vPNhlA6EgabaXwYpxe4+S3RL417DMjxY/ZsIlGIPLjCBcwVo1MWmtIUUh:6wyRAo2o2xtiGs13Ogl+zozjDiTd
Score

1^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

guloaderdiscoverydownloader

behavioral3

behavioral4

behavioral5

behavioral6