guloader | d6fd8513b81bcd1e93d35aa7a35899425ea69064df83f653dd20cded35cfaa24 | Triage

Sharing

General

Target

JaffaCakes118_d6fd8513b81bcd1e93d35aa7a35899425ea69064df83f653dd20cded35cfaa24
Size

2.9MB
Sample

241221-xlqsqswpbw
MD5

5ec558c8995e925e771e1f917e725b00
SHA1

61c09d8c781df0d549fccbe9449d5d8256d9f0db
SHA256

d6fd8513b81bcd1e93d35aa7a35899425ea69064df83f653dd20cded35cfaa24
SHA512

975445bb3bde83a6f4a257433c20365e714ae419ba61e2bb3f773afc43838e691c01fd599959231493e32023941165138f8fe1b95625e8f3d898fd33f4782cc9
SSDEEP

49152:QEjt0Pj3G8/WTIL1CNfoAjOBWXww9JTyEaYBgI/YOO2ys5X5naxITljU2CVkJ8Tt:QEJmW8p4oeOQAcXhtYOO2ys5paxsjQkM

Score

10^/10

guloader discovery downloader

Malware Config

Targets

- Target
  
  (Subcontracting works_ Equipment's or Services)Letter of Invitation-NFS_Rev.1_HDEC.SAIPEM.CTCI.docx
- Size
  
  124KB
- MD5
  
  531bc0db4cf0cd5a0cea43bc789d0308
- SHA1
  
  1141388d6724735bd56747b70360f8710efcf17c
- SHA256
  
  a639970a59c976630d7df003fac23595d92f4080dd1988419e6a3f81bbcfdc60
- SHA512
  
  3c6e358b14c23cb0f5dded2a11a1c7abebaf5e856a8dcdbf21fc2e04c12d09e8b60593cfbf5bed2bf03c219ec284e144bceb0069bcc840bbc97f136fd67102b5
- SSDEEP
  
  3072:2M9We1JsXa+4RDsgQZcdmdm0Sw+z5BrrlMEk1fzYmUf:2q1JsXa3DzQeJD/sr0
Score

4^/10

discovery
behavioral1 behavioral2
- Target
  
  RFQ_SPC-NFS PJT-GR-GROUP-SC-PRO_GTC-111-E-rev0.exe
- Size
  
  587KB
- MD5
  
  e94d255f7f6acbe494fea1d2a76bbd88
- SHA1
  
  2e64f3988b0c8319b9a12b629d3a798d42ebe6aa
- SHA256
  
  949bf171fa44cea2a7786a589645df949898aab88b75ea9df2c01eba342f2e04
- SHA512
  
  ce9f232e5b01edf124fda926bf79aa53366d21fef3bcc6d128dbbe21b68842cf6cf6105a6f56bf2688e0eac7f9319b54539e27c187268a03fec473b24fa4ffcd
- SSDEEP
  
  6144:gIw3TQ6ZVuhLgCFZnOLP8O44gJUMb3NAs0bpC5T5HLP845ZrCZPVTVnFZbR4uFhg:KQ6ZVu2AeL699zbcfpj5esIRuG
Score

7^/10

discovery
- Loads dropped DLL
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  8b3830b9dbf87f84ddd3b26645fed3a0
- SHA1
  
  223bef1f19e644a610a0877d01eadc9e28299509
- SHA256
  
  f004c568d305cd95edbd704166fcd2849d395b595dff814bcc2012693527ac37
- SHA512
  
  d13cfd98db5ca8dc9c15723eee0e7454975078a776bce26247228be4603a0217e166058ebadc68090afe988862b7514cb8cb84de13b3de35737412a6f0a8ac03
- SSDEEP
  
  192:ex24sihno00Wfl97nH6BenXwWobpWBTtvShJ5omi7dJWjOlESlS:h8QIl972eXqlWBFSt273YOlEz
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  GDesktopEnums-3.0.typelib
- Size
  
  1KB
- MD5
  
  5343c1a8b203c162a3bf3870d9f50fd4
- SHA1
  
  04b5b886c20d88b57eea6d8ff882624a4ac1e51d
- SHA256
  
  dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f
- SHA512
  
  e0f50acb6061744e825a4051765cebf23e8c489b55b190739409d8a79bb08dac8f919247a4e5f65a015ea9c57d326bbef7ea045163915129e01f316c4958d949
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  Honer/Ocularist/Theogony/Tillagdes/dotnet.exe
- Size
  
  132KB
- MD5
  
  6e70975b72eec98df698ba21b2345dac
- SHA1
  
  5849a5292b0c3035119932429b6685ce1ee7a36f
- SHA256
  
  22535f957d907c21d611d59ef7c93c4e892584489ae3c6eb901ea2d979921173
- SHA512
  
  ca90d10546b4731b169d39cb16cca46d9c0931942895885d49ddf3e76949269921e15cfdc5ffe8d793f844e2fb7d0c8899128565a864ed4b9a616a74a06d4a6b
- SSDEEP
  
  3072:7WTSIoXkZA/gwAxnretVuiJXW0tm4vw6JAJ4GmmwCl:7WTSIoXaxnrmDJmt4vw6c4Dg
Score

1^/10
behavioral10 behavioral9
- Target
  
  Honer/Ocularist/Theogony/Tillagdes/uMMC.dll
- Size
  
  680KB
- MD5
  
  47100029fb3fb4cd9d841a24e4596123
- SHA1
  
  c4cc7c4b9e0e55f5078fc8f9d5ace7e317712d7b
- SHA256
  
  cdd649c7d2ac347b13d4c262cb1d500bac47cbfa7731d2f6d2f49c2e79165fc3
- SHA512
  
  5bf73992051b099f80c7c2b347ea7e33f65357ee1eadf9c8e1309247286a7fd78fdd894f4cf787dcc624282f10c82fbf9d3157d6dcc188bb98ffc997bd1cf462
- SSDEEP
  
  12288:W2Xkx72piBkGwoNGobkZto0c0E0j/Sz3DzqaJcE6SKT2RNd2ZdQ/J8EFN5BFm6cU:DX5iBFrGiB
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  RFQ_package for-Quality specs-rev0.exe
- Size
  
  592KB
- MD5
  
  a08f6db49e14e9e2be0eb5228636adc2
- SHA1
  
  cf18f7e6a6600949ab0eeacfb2533e0adac21942
- SHA256
  
  3b2827d7692e9324b81a858367060f21cf89810033c65db07cc3a4efdb5a055f
- SHA512
  
  632ddb59e604ef0f46578a0015a6e74655058092722c7719bfd7b0cf689888a8bf80034ceb456e4792123ac8ae368bba6ab220369e51ae8ebd8aaf9723b1abdb
- SSDEEP
  
  12288:qQ6ZVl5pODnwTHvFlh0jKBAni0ZUoWangUhfIC+Ug:qQ6ZVdODATh5bnUny
Score

10^/10

guloader discovery downloader
- Guloader family
  guloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Loads dropped DLL
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  8b3830b9dbf87f84ddd3b26645fed3a0
- SHA1
  
  223bef1f19e644a610a0877d01eadc9e28299509
- SHA256
  
  f004c568d305cd95edbd704166fcd2849d395b595dff814bcc2012693527ac37
- SHA512
  
  d13cfd98db5ca8dc9c15723eee0e7454975078a776bce26247228be4603a0217e166058ebadc68090afe988862b7514cb8cb84de13b3de35737412a6f0a8ac03
- SSDEEP
  
  192:ex24sihno00Wfl97nH6BenXwWobpWBTtvShJ5omi7dJWjOlESlS:h8QIl972eXqlWBFSt273YOlEz
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  Delsystems/Maskeprogrammeret/uMMC.dll
- Size
  
  680KB
- MD5
  
  47100029fb3fb4cd9d841a24e4596123
- SHA1
  
  c4cc7c4b9e0e55f5078fc8f9d5ace7e317712d7b
- SHA256
  
  cdd649c7d2ac347b13d4c262cb1d500bac47cbfa7731d2f6d2f49c2e79165fc3
- SHA512
  
  5bf73992051b099f80c7c2b347ea7e33f65357ee1eadf9c8e1309247286a7fd78fdd894f4cf787dcc624282f10c82fbf9d3157d6dcc188bb98ffc997bd1cf462
- SSDEEP
  
  12288:W2Xkx72piBkGwoNGobkZto0c0E0j/Sz3DzqaJcE6SKT2RNd2ZdQ/J8EFN5BFm6cU:DX5iBFrGiB
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  GDesktopEnums-3.0.typelib
- Size
  
  1KB
- MD5
  
  5343c1a8b203c162a3bf3870d9f50fd4
- SHA1
  
  04b5b886c20d88b57eea6d8ff882624a4ac1e51d
- SHA256
  
  dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f
- SHA512
  
  e0f50acb6061744e825a4051765cebf23e8c489b55b190739409d8a79bb08dac8f919247a4e5f65a015ea9c57d326bbef7ea045163915129e01f316c4958d949
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  dotnet.exe
- Size
  
  132KB
- MD5
  
  6e70975b72eec98df698ba21b2345dac
- SHA1
  
  5849a5292b0c3035119932429b6685ce1ee7a36f
- SHA256
  
  22535f957d907c21d611d59ef7c93c4e892584489ae3c6eb901ea2d979921173
- SHA512
  
  ca90d10546b4731b169d39cb16cca46d9c0931942895885d49ddf3e76949269921e15cfdc5ffe8d793f844e2fb7d0c8899128565a864ed4b9a616a74a06d4a6b
- SSDEEP
  
  3072:7WTSIoXkZA/gwAxnretVuiJXW0tm4vw6JAJ4GmmwCl:7WTSIoXaxnrmDJmt4vw6c4Dg
Score

1^/10
behavioral21 behavioral22
- Target
  
  RFQ_package for_CONTR AWD-Order Specs-rev0.exe
- Size
  
  598KB
- MD5
  
  8fcb5654804a9fb4b282f51ac51a5f3e
- SHA1
  
  f210912ce599534d0f4e42511699c8f3476854db
- SHA256
  
  24f13475e0a822f7627d550b771e5c0a8bfe542fe59744f3db26a6b69ea60e2f
- SHA512
  
  423b6c35bd472f359ea008ad9c8814ab3330219311a9b9e0d101e6cb565ae93f6dd67a9d6596b73afa364b21df2171d51f6c0aa570735df91f4e8539c1fefa9a
- SSDEEP
  
  12288:VQ6ZVHToIvQl0UgJqMhfq1HW1eLDBCVNv1Izxt/:VQ6ZVzoIvQhgfIHoeLDMLtIzH
Score

7^/10

discovery
- Loads dropped DLL
behavioral23 behavioral24
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  8b3830b9dbf87f84ddd3b26645fed3a0
- SHA1
  
  223bef1f19e644a610a0877d01eadc9e28299509
- SHA256
  
  f004c568d305cd95edbd704166fcd2849d395b595dff814bcc2012693527ac37
- SHA512
  
  d13cfd98db5ca8dc9c15723eee0e7454975078a776bce26247228be4603a0217e166058ebadc68090afe988862b7514cb8cb84de13b3de35737412a6f0a8ac03
- SSDEEP
  
  192:ex24sihno00Wfl97nH6BenXwWobpWBTtvShJ5omi7dJWjOlESlS:h8QIl972eXqlWBFSt273YOlEz
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  Drmnds/Dalaga/Plderer/Ethverts40/dotnet.exe
- Size
  
  132KB
- MD5
  
  6e70975b72eec98df698ba21b2345dac
- SHA1
  
  5849a5292b0c3035119932429b6685ce1ee7a36f
- SHA256
  
  22535f957d907c21d611d59ef7c93c4e892584489ae3c6eb901ea2d979921173
- SHA512
  
  ca90d10546b4731b169d39cb16cca46d9c0931942895885d49ddf3e76949269921e15cfdc5ffe8d793f844e2fb7d0c8899128565a864ed4b9a616a74a06d4a6b
- SSDEEP
  
  3072:7WTSIoXkZA/gwAxnretVuiJXW0tm4vw6JAJ4GmmwCl:7WTSIoXaxnrmDJmt4vw6c4Dg
Score

1^/10
behavioral27 behavioral28
- Target
  
  Greatheart/Appendicectomy/GDesktopEnums-3.0.typelib
- Size
  
  1KB
- MD5
  
  5343c1a8b203c162a3bf3870d9f50fd4
- SHA1
  
  04b5b886c20d88b57eea6d8ff882624a4ac1e51d
- SHA256
  
  dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f
- SHA512
  
  e0f50acb6061744e825a4051765cebf23e8c489b55b190739409d8a79bb08dac8f919247a4e5f65a015ea9c57d326bbef7ea045163915129e01f316c4958d949
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  Multihandicappede/Vifters/uMMC.dll
- Size
  
  680KB
- MD5
  
  47100029fb3fb4cd9d841a24e4596123
- SHA1
  
  c4cc7c4b9e0e55f5078fc8f9d5ace7e317712d7b
- SHA256
  
  cdd649c7d2ac347b13d4c262cb1d500bac47cbfa7731d2f6d2f49c2e79165fc3
- SHA512
  
  5bf73992051b099f80c7c2b347ea7e33f65357ee1eadf9c8e1309247286a7fd78fdd894f4cf787dcc624282f10c82fbf9d3157d6dcc188bb98ffc997bd1cf462
- SSDEEP
  
  12288:W2Xkx72piBkGwoNGobkZto0c0E0j/Sz3DzqaJcE6SKT2RNd2ZdQ/J8EFN5BFm6cU:DX5iBFrGiB
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

guloaderdiscoverydownloader

behavioral14

guloaderdiscoverydownloader

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32