guloader | a97a7c59fd1240722e02c1fe6e0c604f00d144578f701c78c47efb5132759a0b | Triage

Sharing

General

Target

Udeladelsers21.exe
Size

789KB
Sample

250220-yrm5gatpbp
MD5

0414f807264c86c53561dbac864a0a03
SHA1

31090a8c34e7c6f08f80f7dc9d08890fbed06498
SHA256

a97a7c59fd1240722e02c1fe6e0c604f00d144578f701c78c47efb5132759a0b
SHA512

3f64007953ef2cac2e8151176b8f7a1b5954bdd15404a4f79f3cfd3da74f1ce1113ca2ccd237056d59aa08fcc171d23d3a4644fbd1effcb9b8227f3eb07e8290
SSDEEP

12288:I2LyZBH9zpl/scMxT3iKJCcYpOPJbiHWQLq7uHkqx+9f9Rv5WimvSre:I2G/Lhflc3iHWgsuHxw3h4vV

Score

10^/10

guloader discovery downloader

Malware Config

Targets

- Target
  
  Udeladelsers21.exe
- Size
  
  789KB
- MD5
  
  0414f807264c86c53561dbac864a0a03
- SHA1
  
  31090a8c34e7c6f08f80f7dc9d08890fbed06498
- SHA256
  
  a97a7c59fd1240722e02c1fe6e0c604f00d144578f701c78c47efb5132759a0b
- SHA512
  
  3f64007953ef2cac2e8151176b8f7a1b5954bdd15404a4f79f3cfd3da74f1ce1113ca2ccd237056d59aa08fcc171d23d3a4644fbd1effcb9b8227f3eb07e8290
- SSDEEP
  
  12288:I2LyZBH9zpl/scMxT3iKJCcYpOPJbiHWQLq7uHkqx+9f9Rv5WimvSre:I2G/Lhflc3iHWgsuHxw3h4vV
Score

10^/10

discovery guloader downloader
- Guloader family
  guloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/LangDLL.dll
- Size
  
  5KB
- MD5
  
  ab1db56369412fe8476fefffd11e4cc0
- SHA1
  
  daad036a83b2ee2fa86d840a34a341100552e723
- SHA256
  
  6f14c8f01f50a30743dac68c5ac813451463dfb427eb4e35fcdfe2410e1a913b
- SHA512
  
  8d886643b4fc24adf78f76b663227d6e61863f89e0cbd49548f40dd040666ca94ea46bec9e336850e4f300995d56e6dc85b689c8e09ff46758822d280f06b03d
- SSDEEP
  
  48:S46+/zTKYKxbWsptIpBtWZ0iV8jAWiAJCvxft2O2B8mxofjLl:z5uPbOBtWZBV8jAWiAJCdv2CmAL
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10

discovery
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

guloaderdiscoverydownloader

behavioral3

behavioral4

behavioral5

behavioral6