guloader | 490e047277ae754fa21e7978a6e79a43315d7633799d5a30f8063e6a58213b15 | Triage

Resubmissions

24/02/2025, 15:36

250224-s1z8haznw7 10

24/02/2025, 15:30

250224-sxsdgszmt4 4

Sharing

General

Target

Quote_7902132_Middle_East_02 pdf.exe
Size

1.1MB
Sample

250224-s1z8haznw7
MD5

4d7594ca2c229b411c198834af374edf
SHA1

aea3adcec03b68965f3b5a90637b7a0f3b9fc135
SHA256

490e047277ae754fa21e7978a6e79a43315d7633799d5a30f8063e6a58213b15
SHA512

611efdacb7768d21fb53c77e3213ec9f8c1d6b639cf0be20e28a67f2425366ef7298775819cfc0acac5c6f6ecdd7545015c19163ac8894cd461cf8a562faee60
SSDEEP

24576:VYVq0sxCJTFLubljPEATFsjq5c3SddFDykNTwdQG9ikk:sq0aC3uljMAZl5kSdzDPwZij

Score

10^/10

guloader collection discovery downloader spyware stealer

Malware Config

Targets

- Target
  
  Quote_7902132_Middle_East_02 pdf.exe
- Size
  
  1.1MB
- MD5
  
  4d7594ca2c229b411c198834af374edf
- SHA1
  
  aea3adcec03b68965f3b5a90637b7a0f3b9fc135
- SHA256
  
  490e047277ae754fa21e7978a6e79a43315d7633799d5a30f8063e6a58213b15
- SHA512
  
  611efdacb7768d21fb53c77e3213ec9f8c1d6b639cf0be20e28a67f2425366ef7298775819cfc0acac5c6f6ecdd7545015c19163ac8894cd461cf8a562faee60
- SSDEEP
  
  24576:VYVq0sxCJTFLubljPEATFsjq5c3SddFDykNTwdQG9ikk:sq0aC3uljMAZl5kSdzDPwZij
Score

10^/10

guloader collection discovery downloader spyware stealer
- Guloader family
  guloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Loads dropped DLL
- Reads WinSCP keys stored on the system
  Tries to access WinSCP stored sessions.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Credentials in Registry

Discovery

Browser Information Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

guloadercollectiondiscoverydownloaderspywarestealer

behavioral2

guloadercollectiondiscoverydownloaderspywarestealer