guloader | f13819d061e77a6a071a72f23e5daa4751db395492773280bd8e6285f0942e84 | Triage

Sharing

General

Target

Vidneafhring.exe
Size

1.1MB
Sample

250218-pax4nszpbk
MD5

24c3013ee542b77eb416866a4dcdf66e
SHA1

3d9ae42b17acc38c9f8425124ddc7fdc7fbde6c0
SHA256

f13819d061e77a6a071a72f23e5daa4751db395492773280bd8e6285f0942e84
SHA512

0694c1b57c5e0fab3218719f195632ad6a519312f812056d05d87da7e455aae4fd2f370b1d4d057798f328f2f218ac396b9b496a71614139dbb5248242993b45
SSDEEP

24576:ZSafgu8S1aLLwWOroUmLDbZ7Jjl7WqDs3Ryo:ZlfguN1GLwWObSFhWquRh

Score

10^/10

guloader discovery downloader

Malware Config

Targets

- Target
  
  Vidneafhring.exe
- Size
  
  1.1MB
- MD5
  
  24c3013ee542b77eb416866a4dcdf66e
- SHA1
  
  3d9ae42b17acc38c9f8425124ddc7fdc7fbde6c0
- SHA256
  
  f13819d061e77a6a071a72f23e5daa4751db395492773280bd8e6285f0942e84
- SHA512
  
  0694c1b57c5e0fab3218719f195632ad6a519312f812056d05d87da7e455aae4fd2f370b1d4d057798f328f2f218ac396b9b496a71614139dbb5248242993b45
- SSDEEP
  
  24576:ZSafgu8S1aLLwWOroUmLDbZ7Jjl7WqDs3Ryo:ZlfguN1GLwWObSFhWquRh
Score

10^/10

discovery guloader downloader
- Guloader family
  guloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/LangDLL.dll
- Size
  
  5KB
- MD5
  
  2a0f58baa9f48961707195d3d9ab8d0a
- SHA1
  
  abb640f58bd2a3fc50cd130bd960015df7a2a345
- SHA256
  
  a9520ce3bcfa4cfb7d9be3d317bdb3068246b38292e6d291a55f1b04a158998e
- SHA512
  
  273356a565978ff58d223e4d84de85d257838b1c37ae33054de76401ac935fd26f54213424ad8164bae2c4f9d9f2d61cbdd24bbaad453da938e0dca26b98130a
- SSDEEP
  
  48:im1gEhmNd2MPUptxENJ5imMOBAZqMTBCpYwvNHZzUJvR0J56of5dwe:F1qdBGE75LBAZqIFeZUR0zPd
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  12b140583e3273ee1f65016becea58c4
- SHA1
  
  92df24d11797fefd2e1f8d29be9dfd67c56c1ada
- SHA256
  
  014f1dfeb842cf7265a3644bc6903c592abe9049bfc7396829172d3d72c4d042
- SHA512
  
  49ffdfa1941361430b6acb3555fd3aa05e4120f28cbdf7ceaa2af5937d0b8cccd84471cf63f06f97cf203b4aa20f226bdad082e9421b8e6b62ab6e1e9fc1e68a
- SSDEEP
  
  192:gFiQJ77pJp17C8F1A5xjGNxrgFOgb7lrT/nC93:E7pJp48F2exrg5F/C
Score

3^/10

discovery
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

guloaderdiscoverydownloader

behavioral3

behavioral4

behavioral5

behavioral6