guloader | 423365fc831493c0300ddcb2260f1b1bee5f18bc63d5687314caf0ddefa5364e | Triage

Sharing

General

Target

24022025_1626_24022025_Employee Performance Report.rar
Size

534KB
Sample

250224-txkt3sskw9
MD5

db5f298b3cc844f1e3fcfec8fe33e593
SHA1

b7a550e2ae8167bf463e16a3e0a3ccff9e465611
SHA256

423365fc831493c0300ddcb2260f1b1bee5f18bc63d5687314caf0ddefa5364e
SHA512

6e823e435d3ee869ad257e9288c3c0d3d25813be8acef4132f97c4e6e2e5f08f69827ed6e55fb9042610a3f33c731ff3cc6c9dc0f078d781c69b741f0efe45dd
SSDEEP

12288:LLuNUd2uIeY8lyIvHefrXOZpQB11J/PU2cjIKS:2ed2uIeXHCrXCpw11J/8VS

Score

10^/10

guloader discovery downloader

Malware Config

Targets

- Target
  
  Employee Performance Report.exe
- Size
  
  603KB
- MD5
  
  1da8315a94f0b1d6ea869d4547ad85ea
- SHA1
  
  7990c6e02172f81cbd171ac66f5f61fc0e23d696
- SHA256
  
  226beb95ef900ee4bd47d0a20f69d8f83cf3f76ebe397b1fa21863e71fd8f29f
- SHA512
  
  724914b2b297d4591ca56e6c4f582d4580e06e7bb9d8c213720d3a46d36714cbe43cd25521a87f72049d803b2272fd1749812ac4ecdba439c0adade0764ca65b
- SSDEEP
  
  12288:5UVC9GIaG5ez1SjybpA3K6af5C0FwoZNqF9AUiDeDx3E:KVzK5ez10ya3qfLwo2qDeDB
Score

10^/10

guloader discovery downloader
- Guloader family
  guloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  2ae993a2ffec0c137eb51c8832691bcb
- SHA1
  
  98e0b37b7c14890f8a599f35678af5e9435906e1
- SHA256
  
  681382f3134de5c6272a49dd13651c8c201b89c247b471191496e7335702fa59
- SHA512
  
  2501371eb09c01746119305ba080f3b8c41e64535ff09cee4f51322530366d0bd5322ea5290a466356598027e6cda8ab360caef62dcaf560d630742e2dd9bcd9
- SSDEEP
  
  192:vPtkumJX7zB22kGwfy0mtVgkCPOsE1un:k702k5qpdsEQn
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2

guloaderdiscoverydownloader

behavioral3

behavioral4