guloader | 53d1be737d25b9bf45fec95665582a569b3e2fee7f9e188cacec22b0ff212093 | Triage

Sharing

General

Target

53d1be737d25b9bf45fec95665582a569b3e2fee7f9e188cacec22b0ff212093N.exe
Size

1010KB
Sample

241216-pxnhra1qap
MD5

99815ed08ddbc13eb635f1a2534cbfb0
SHA1

bbf3c832c86a824e5fc7c63a9007c4eab1c38470
SHA256

53d1be737d25b9bf45fec95665582a569b3e2fee7f9e188cacec22b0ff212093
SHA512

5bd32be0d83a0c6e531256ba98ae8f8d7b6803c540f5af409212e79cdd72e8cded4ebae6e3bf8f0f68841aeb0b37f342cdbd29791c47469d0f13abee1a00ce72
SSDEEP

24576:pTqMPCpufeCqenzhTRfX6ahX1DCb+H+JKjZMWSg:pTZPCwfeEnxRXhXNCqpVM5g

Score

10^/10

guloader discovery downloader

Malware Config

Targets

- Target
  
  53d1be737d25b9bf45fec95665582a569b3e2fee7f9e188cacec22b0ff212093N.exe
- Size
  
  1010KB
- MD5
  
  99815ed08ddbc13eb635f1a2534cbfb0
- SHA1
  
  bbf3c832c86a824e5fc7c63a9007c4eab1c38470
- SHA256
  
  53d1be737d25b9bf45fec95665582a569b3e2fee7f9e188cacec22b0ff212093
- SHA512
  
  5bd32be0d83a0c6e531256ba98ae8f8d7b6803c540f5af409212e79cdd72e8cded4ebae6e3bf8f0f68841aeb0b37f342cdbd29791c47469d0f13abee1a00ce72
- SSDEEP
  
  24576:pTqMPCpufeCqenzhTRfX6ahX1DCb+H+JKjZMWSg:pTZPCwfeEnxRXhXNCqpVM5g
Score

10^/10

guloader discovery downloader
- Guloader family
  guloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/AdvSplash.dll
- Size
  
  6KB
- MD5
  
  1871af84805057b5ebc05ee46b56625d
- SHA1
  
  50e1c315ad30f5f3f300c7cd9dd0d5d626fe0167
- SHA256
  
  62b3db0446750ca9fd693733eec927acc1f50012a47785343286e63b650b7621
- SHA512
  
  c1979ee98dfdb807776c439218528d80b4b244a87e692f1538e40f9c2c82db8b77485eb1429325b6f44419bf1f4cd454e43ff381eff077a8b4f4d9eb0d7e54d4
- SSDEEP
  
  96:kIUNaXnnXyEIPtXvZhr5RwiULuxDtJz+wolpE:kIx3XyEwXvZh1RwnLUDth+I
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  564bb0373067e1785cba7e4c24aab4bf
- SHA1
  
  7c9416a01d821b10b2eef97b80899d24014d6fc1
- SHA256
  
  7a9ddee34562cd3703f1502b5c70e99cd5bba15de2b6845a3555033d7f6cb2a5
- SHA512
  
  22c61a323cb9293d7ec5c7e7e60674d0e2f7b29d55be25eb3c128ea2cd7440a1400cee17c43896b996278007c0d247f331a9b8964e3a40a0eb1404a9596c4472
- SSDEEP
  
  192:nenY0qWTlt70IAj/lQ0sEWc/wtYbBH2aDybC7y+XBDIwL:n8+Qlt70Fj/lQRY/9VjjfL
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  48f3e7860e1de2b4e63ec744a5e9582a
- SHA1
  
  420c64d802a637c75a53efc8f748e1aede3d6dc6
- SHA256
  
  6bf9cccd8a600f4d442efe201e8c07b49605ba35f49a4b3ab22fa2641748e156
- SHA512
  
  28716ddea580eeb23d93d1ff6ea0cf79a725e13c8f8a17ec9dfacb1fe29c7981ad84c03aed05663adc52365d63d19ec2f366762d1c685e3a9d93037570c3c583
- SSDEEP
  
  96:oFsvUu3Uy+sytcS8176b+XR8pCHFcMcxSgB5PKtAtgt+Nt+rnt3DVEB3YuNqkzfS:oFsvWyNO81b8pCHFcM0PuAgkOywIFc
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  7KB
- MD5
  
  4c77a65bb121bb7f2910c1fa3cb38337
- SHA1
  
  94531e3c6255125c1a85653174737d275bc35838
- SHA256
  
  5e66489393f159aa0fd30b630bb345d03418e9324e7d834b2e4195865a637cfe
- SHA512
  
  df50eadf312469c56996c67007d31b85d00e91a4f40355e786536fc0336ac9c2fd8ad9df6e65ab390cc6f031aca28c92212ea23cc40eb600b82a63be3b5b8c04
- SSDEEP
  
  96:JXmkmwmHDqaRrlfAF4IUIqhmKv6vBckXK9wSBl8gvElHturnNQaSGYuHr2DCP:JAjRrlfA6Nv6eWIElNurnNQZGdHc
Score

3^/10

discovery
behavioral10 behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2

guloaderdiscoverydownloader

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10