guloader | c2f619460d6cd63ca1ae9b9abec61842fa05f09c0698fc4c400ccd5342109692 | Triage

Sharing

General

Target

FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe
Size

521KB
Sample

250110-gr4nsavkav
MD5

4f2c796aebd02a54ca9bebb0c5bc5ef0
SHA1

558e2f3de9077aaf9159c4fb1633d66c75b14dda
SHA256

c2f619460d6cd63ca1ae9b9abec61842fa05f09c0698fc4c400ccd5342109692
SHA512

8eb1daf79455c75dba4521196c8ef468184f1a0d2c385bd424c4ce82174fe8c2970a47d72fc7d83c444629a236e373a70fb1d3cee236cfff246dba4b8ceb48c7
SSDEEP

12288:rRfrRAA+3hDCYCCslgEzlaGuZHStFIH/x5eWJe5:dfNAAmhBCCsRzeRCFoewe5

Score

10^/10

guloader discovery downloader

Malware Config

Targets

- Target
  
  FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe
- Size
  
  521KB
- MD5
  
  4f2c796aebd02a54ca9bebb0c5bc5ef0
- SHA1
  
  558e2f3de9077aaf9159c4fb1633d66c75b14dda
- SHA256
  
  c2f619460d6cd63ca1ae9b9abec61842fa05f09c0698fc4c400ccd5342109692
- SHA512
  
  8eb1daf79455c75dba4521196c8ef468184f1a0d2c385bd424c4ce82174fe8c2970a47d72fc7d83c444629a236e373a70fb1d3cee236cfff246dba4b8ceb48c7
- SSDEEP
  
  12288:rRfrRAA+3hDCYCCslgEzlaGuZHStFIH/x5eWJe5:dfNAAmhBCCsRzeRCFoewe5
Score

10^/10

discovery guloader downloader
- Guloader family
  guloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/LangDLL.dll
- Size
  
  5KB
- MD5
  
  e459f344b4a47af2cf15d821f3946724
- SHA1
  
  5df805fcf0a857b98cecca139b2ea99979c8f01e
- SHA256
  
  f4778b8aca1eb5d93d267468589b4bf45b827a50300eb552d796e9dc22ade419
- SHA512
  
  5b8285a166404c73869d5aaa25c5af3544ab4a2f012c5ea1e12b04a1d6fa3d32b4a6857e9fd29dd3c86dd5dc8111e3e86de11bdb5496c1c527ff1bc91bd791bb
- SSDEEP
  
  48:qbrtDVP10LgQL8QRU8IlmWm7WmnuWK8hSemoMqG5QEv8sF9U3ofMU:UVPFQIqlemWm7WmTaehG+EkR
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  637e1fa13012a78922b6e98efc0b12e2
- SHA1
  
  8012d44e42cd6d813ea63d5ccbf190fe72e3c778
- SHA256
  
  703e17d30a91775f8ddc2648b537fc846fad6415589a503a4529c36f60a17439
- SHA512
  
  932ed6a52e89c4fa587a7c0c3903d69cf89a32dbd46ed8dcb251abb6c15192d92b1f624c31f0e4bd3e9bf95fc1a55fdb7cee9dd668e1b4f22ddb95786c063e96
- SSDEEP
  
  192:U4A1YOTDExj7EFrYCT4E8y3hoSdtTgwF43E7QbGPXI9uIc6gn9Mw:UYR7SrtTv53tdtTgwF4SQbGPX36g9Mw
Score

3^/10

discovery
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

guloaderdiscoverydownloader

behavioral3

behavioral4

behavioral5

behavioral6