guloader | 5f6366e20fde275710415f996748edb9f1091c0b0e47bf2ddc91a59ecd90d54c | Triage

Sharing

General

Target

5f6366e20fde275710415f996748edb9f1091c0b0e47bf2ddc91a59ecd90d54cN.exe
Size

854KB
Sample

250208-c2575s1pfk
MD5

c872967e9175a5345d11a0a7ba1a2240
SHA1

1a7a1388ee67fde14c22a38f9a630aecae796272
SHA256

5f6366e20fde275710415f996748edb9f1091c0b0e47bf2ddc91a59ecd90d54c
SHA512

f6d2e5938b450b38e4d311c994afc59093342c5305165380a0dc3bc8491c561d30fc4ca9049861d6df0d466bde1d204e606d71e5a554eadf89c2c6232d235f9e
SSDEEP

12288:wrRquUH6UROvPORRu4B5jPlxxsUzZbhuOWzM6QnVKEYyO/7zieeP:j/H6URd/B5Zxx3zZ9uFzTEKE7Oaeq

Score

10^/10

guloader discovery downloader

Malware Config

Targets

- Target
  
  5f6366e20fde275710415f996748edb9f1091c0b0e47bf2ddc91a59ecd90d54cN.exe
- Size
  
  854KB
- MD5
  
  c872967e9175a5345d11a0a7ba1a2240
- SHA1
  
  1a7a1388ee67fde14c22a38f9a630aecae796272
- SHA256
  
  5f6366e20fde275710415f996748edb9f1091c0b0e47bf2ddc91a59ecd90d54c
- SHA512
  
  f6d2e5938b450b38e4d311c994afc59093342c5305165380a0dc3bc8491c561d30fc4ca9049861d6df0d466bde1d204e606d71e5a554eadf89c2c6232d235f9e
- SSDEEP
  
  12288:wrRquUH6UROvPORRu4B5jPlxxsUzZbhuOWzM6QnVKEYyO/7zieeP:j/H6URd/B5Zxx3zZ9uFzTEKE7Oaeq
Score

10^/10

guloader discovery downloader
- Guloader family
  guloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Downloads MZ/PE file
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  0063d48afe5a0cdc02833145667b6641
- SHA1
  
  e7eb614805d183ecb1127c62decb1a6be1b4f7a8
- SHA256
  
  ac9dfe3b35ea4b8932536ed7406c29a432976b685cc5322f94ef93df920fede7
- SHA512
  
  71cbbcaeb345e09306e368717ea0503fe8df485be2e95200febc61bcd8ba74fb4211cd263c232f148c0123f6c6f2e3fd4ea20bdecc4070f5208c35c6920240f0
- SSDEEP
  
  192:qPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4U:F7VpNo8gmOyRsVc4
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  Lib.Core.dll
- Size
  
  532KB
- MD5
  
  cca3c272e115d8902152052a458e84c4
- SHA1
  
  21a728fa9e0da22a5a2e6a6522380698a5440e8e
- SHA256
  
  1aca474dd5ff5855e237d49dc7b5d5e85365ea48af374d97c028f1073d5630f2
- SHA512
  
  2b1acd9fad2e7b80cb518bf5b6e07afb9ea72ee179a4ea5bb6846bf41f03dc5c1f04f801676f4d7a6bdb629ac3f5385d23208f1711f6642298a52ca4d21b04d7
- SSDEEP
  
  12288:fRX1jgD8a33WAhx6uJUraoF4i6iUEvWUEvej:ft9apf6gUmoFRtUEuUEWj
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral5 behavioral6
- Target
  
  Sygevrelser/Bortkastningens/System.ObjectModel.dll
- Size
  
  87KB
- MD5
  
  6165bdd9274b2f70471d816abe74adfc
- SHA1
  
  5e46233a54b434139e82914a122829557f26f18f
- SHA256
  
  d01acb5f4f2b8a858c7503c2b9681b92bd70a70ac3982a3b38ec168ccfaaa910
- SHA512
  
  3cf221a2ff473b4478ba0a1aa38dc1c59c0b68bee9e95e04775257cd9ca6b8f7ef9a6cbd7335d367792f58fcd9482d6ca8f274b9ee62aa1ac100a953086e779c
- SSDEEP
  
  1536:N58gZsIlVk6fmcKnJ8F+p4BdDTGqSIM9/xjPM:NfZsIlVmn2DTG0L
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2

guloaderdiscoverydownloader

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8