guloader | 0e3390f3f7bd283296ca3ee73ba5d9cb76d5132ed7d7c17e97789478a8a2f27b | Triage

Sharing

General

Target

documentacin2343343.exe
Size

622KB
Sample

250213-nk8sgsxkdk
MD5

ff0fdae83407b8ff69f9c665bab0d7d4
SHA1

a6f10986b185a604dd458b9f535a01e3d325bcc2
SHA256

0e3390f3f7bd283296ca3ee73ba5d9cb76d5132ed7d7c17e97789478a8a2f27b
SHA512

72037c874b127b7eeb54594381041fb540185900ab5b937088741ee24750d4fcce7f8df31f753462a302b278ce0799f8c9d22bd315422cb633debc849f800615
SSDEEP

6144:EMfH1u0K3oXxwoNkz0/KIoGCOGnghGX6uR3RAIGU64AYMAZr46rflS3ruftqQeEa:Zhqqxf4VI1pfuqUqYMAxlpKvQeD7+e

Score

10^/10

guloader discovery downloader

Malware Config

Targets

- Target
  
  documentacin2343343.exe
- Size
  
  622KB
- MD5
  
  ff0fdae83407b8ff69f9c665bab0d7d4
- SHA1
  
  a6f10986b185a604dd458b9f535a01e3d325bcc2
- SHA256
  
  0e3390f3f7bd283296ca3ee73ba5d9cb76d5132ed7d7c17e97789478a8a2f27b
- SHA512
  
  72037c874b127b7eeb54594381041fb540185900ab5b937088741ee24750d4fcce7f8df31f753462a302b278ce0799f8c9d22bd315422cb633debc849f800615
- SSDEEP
  
  6144:EMfH1u0K3oXxwoNkz0/KIoGCOGnghGX6uR3RAIGU64AYMAZr46rflS3ruftqQeEa:Zhqqxf4VI1pfuqUqYMAxlpKvQeD7+e
Score

10^/10

guloader discovery downloader
- Guloader family
  guloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Downloads MZ/PE file
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/LangDLL.dll
- Size
  
  5KB
- MD5
  
  7af1e33d85459fbd2cf7ef29d7528e9e
- SHA1
  
  8a90d81eeabd6886e5b5985d3d10e3f435ccf00d
- SHA256
  
  958b118ec87610f25232eb6257168bdbbf210cf2511bf38fb54bf4ffc908abb2
- SHA512
  
  1aa61538a5fec5bb27dca4305f4b856446e032321f55f26c5e949bb125220a4c319c51c2050697cda6c39ba784eaf2f041ee742f57d3e2e8a6e9f6ec96007145
- SSDEEP
  
  48:im1esjq8W2MPUptuMMFvx/om/ycNSCwVGfOY0vB6/JvR0Jjof5d2D:F12Bl91Z7/ycNSCwV8TLZR0wd2
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  375e8a08471dc6f85f3828488b1147b3
- SHA1
  
  1941484ac710fc301a7d31d6f1345e32a21546af
- SHA256
  
  4c86b238e64ecfaabe322a70fd78db229a663ccc209920f3385596a6e3205f78
- SHA512
  
  5ba29db13723ddf27b265a4548606274b850d076ae1f050c64044f8ccd020585ad766c85c3e20003a22f356875f76fb3679c89547b0962580d8e5a42b082b9a8
- SSDEEP
  
  192:MPtkumJX7zB22kGwfy0mtVgkCPOs91un:9702k5qpds9Qn
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2

guloaderdiscoverydownloader

behavioral3

behavioral4

behavioral5

behavioral6