guloader | 22bdec013954160291c36c833a788b59c40d6758443418cf7a206f549f3d4873 | Triage

Sharing

General

Target

22bdec013954160291c36c833a788b59c40d6758443418cf7a206f549f3d4873
Size

552KB
Sample

241221-tqb9cssphr
MD5

eeb46b7b07db367c5aa16eb2e5272186
SHA1

f470ccab46dc6ae665a15e7e4eeaf38a95eedf83
SHA256

22bdec013954160291c36c833a788b59c40d6758443418cf7a206f549f3d4873
SHA512

43b3140563a4c661e0a2e3eb4847e2cb8de01d8c127be885104898252e27d5ba2829b0423d33e622fb72cb73b307516104eb282ea34793cedfbc1aadad97d31f
SSDEEP

12288:cHb6Eles513ryaAZbNfYBYynjhON5Adbs+nuHHAA:cHplB51bTA7fYBYuOEs+ux

Score

10^/10

guloader discovery downloader

Malware Config

Targets

- Target
  
  Doc4736478384775837642_JULY 2022.bin
- Size
  
  620KB
- MD5
  
  e2b4171a7b83f61ae32d10fba0d7316b
- SHA1
  
  15ddef6a5b7b4417693d91003f4a2d03d826d71b
- SHA256
  
  73c90df4f49a9c5cc0b0e848dd4052b26335959618df392912982fd1ea15147b
- SHA512
  
  af096b104a33863acd449a84d1538e4f943d2a14e5c72b01c441019a52691c0ca7bafdec077ebb5290017f4306e1520885270297c0867cbbbea910ce047ab672
- SSDEEP
  
  12288:5bZpw46GMbBMMtJdW/GqEUUt4ysV8ic6SnuyCLIu:5bZpz6GMxdWK8V8icluH
Score

10^/10

discovery guloader downloader
- Guloader family
  guloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  cff85c549d536f651d4fb8387f1976f2
- SHA1
  
  d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
- SHA256
  
  8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
- SHA512
  
  531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88
- SSDEEP
  
  192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  Tandan7/vm3ddevapi64-stats.dll
- Size
  
  283KB
- MD5
  
  b02a49f388eb67324cb730c9a95bb95a
- SHA1
  
  bd50273568a6cf60ef813e795fc5c44c644f4e1f
- SHA256
  
  a122dbf6e788346be9f602fb34008dea9bda31891b288819d479f70e4aa154a7
- SHA512
  
  8ea06f43c0d0c62295e1f752a2e67ce3379a8e700ed4f9ad5a962915296b7316644917f1893c7ff301b3d5519d827e22da92fcfe20e4e06196c96a97dfbda7ac
- SSDEEP
  
  6144:KOrFH5ad1DK4zpFxa2jzen3PSB5OwLdm/rrLwbq:jrFH5+tdFxa2+n/iOTLwbq
Score

1^/10
behavioral5 behavioral6
- Target
  
  hyperbarbarous/libbz2-1.dll
- Size
  
  96KB
- MD5
  
  fd0b2bd2ae13d41de526b57e435c7fb5
- SHA1
  
  55bb61c011180eaa172a83feefc38d8fe7c5498b
- SHA256
  
  e996e8d18fa41407d80680adb9e416d916f7320e4559485ce3e3e5de811dca1d
- SHA512
  
  d7ebda50787aec915c6e3eab880a01dfc8925166c2cd2c1c70cc8ee505f17117f9e6ae9b1d57048df29bbd8705070618650a09ded64750e422a10e0365afa74e
- SSDEEP
  
  1536:DDrxVw7IsNwmkMdKx711fvsOrTJ7X3OUTT4okcTzn8P8xF3Y:/rxXsNBdKJfUORz9n4cTz8PKF3Y
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

guloaderdiscoverydownloader

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8