guloader | 77e15415d2427d168202684e80034c83d83230deee10efe86cf07049af98d77c | Triage

Submit
Reports

Overview

overview

Static

static

1

PAGO.cmd

windows7-x64

PAGO.cmd

windows10-2004-x64

Sharing

General

Target

PAGO.cmd
Size

959KB
Sample

250214-m989wavjet
MD5

b7819321f80217a516dc2649097a6cc4
SHA1

c35be052ffa3ad243512cafee4034656399f52cd
SHA256

77e15415d2427d168202684e80034c83d83230deee10efe86cf07049af98d77c
SHA512

8fd59280dd6658b6b105936eda91555e6c1f7c0f6b7aebfe3df7c74a6b94db2498acc36d896e31d9de63c8d0073fb25127c249d1c9ca15ba09127f83cb6a6525
SSDEEP

12288:UPCl0t4TkEIroYUI2K/AtBb2d/fNguvEc4sI20geXazMbkJ/i3O2CHaAUwvUbcYG:UKRfcOe4hDgeqzRJ/LLU6WcbTtUi

Score

10^/10

guloader discovery downloader execution

Static task

static1

Behavioral task

behavioral1

Sample

PAGO.cmd

Resource

win7-20241010-en

guloader discovery downloader execution

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

PAGO.cmd

Resource

win10v2004-20250211-en

guloader discovery downloader execution

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  PAGO.cmd
- Size
  
  959KB
- MD5
  
  b7819321f80217a516dc2649097a6cc4
- SHA1
  
  c35be052ffa3ad243512cafee4034656399f52cd
- SHA256
  
  77e15415d2427d168202684e80034c83d83230deee10efe86cf07049af98d77c
- SHA512
  
  8fd59280dd6658b6b105936eda91555e6c1f7c0f6b7aebfe3df7c74a6b94db2498acc36d896e31d9de63c8d0073fb25127c249d1c9ca15ba09127f83cb6a6525
- SSDEEP
  
  12288:UPCl0t4TkEIroYUI2K/AtBb2d/fNguvEc4sI20geXazMbkJ/i3O2CHaAUwvUbcYG:UKRfcOe4hDgeqzRJ/LLU6WcbTtUi
Score

10^/10

guloader discovery downloader execution
- Guloader family
  guloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloaderexecution

behavioral2

guloaderdiscoverydownloaderexecution

© 2018-2025

Terms | Privacy