guloader | 3d1067331b7bed8a818ca2efcec2136667f2a180d0ee716a6f9b475e9df2fd7d | Triage

Sharing

General

Target

49b298624de14b573163b90397130419.exe
Size

1.0MB
Sample

250225-qwwneaxpx8
MD5

49b298624de14b573163b90397130419
SHA1

013b0fe9893158822f141113dfe46cd924e2a443
SHA256

3d1067331b7bed8a818ca2efcec2136667f2a180d0ee716a6f9b475e9df2fd7d
SHA512

b21c95d074e2c55b2e0f58a6158c1b393f84dab10c79a4fcfa0b86e4a69e29c2052fac8ecfb5448032a833f379c683d1ac79754ad04226a0086139f5005aedd8
SSDEEP

24576:LzOEC045nLnc5hdrvxFqJ+ZIEDw4vNG5Hgapn:eEeFLu12J+lktNge

Score

10^/10

guloader discovery downloader

Malware Config

Targets

- Target
  
  49b298624de14b573163b90397130419.exe
- Size
  
  1.0MB
- MD5
  
  49b298624de14b573163b90397130419
- SHA1
  
  013b0fe9893158822f141113dfe46cd924e2a443
- SHA256
  
  3d1067331b7bed8a818ca2efcec2136667f2a180d0ee716a6f9b475e9df2fd7d
- SHA512
  
  b21c95d074e2c55b2e0f58a6158c1b393f84dab10c79a4fcfa0b86e4a69e29c2052fac8ecfb5448032a833f379c683d1ac79754ad04226a0086139f5005aedd8
- SSDEEP
  
  24576:LzOEC045nLnc5hdrvxFqJ+ZIEDw4vNG5Hgapn:eEeFLu12J+lktNge
Score

10^/10

guloader discovery downloader
- Guloader family
  guloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  3f176d1ee13b0d7d6bd92e1c7a0b9bae
- SHA1
  
  fe582246792774c2c9dd15639ffa0aca90d6fd0b
- SHA256
  
  fa4ab1d6f79fd677433a31ada7806373a789d34328da46ccb0449bbf347bd73e
- SHA512
  
  0a69124819b7568d0dea4e9e85ce8fe61c7ba697c934e3a95e2dcfb9f252b1d9da7faf8774b6e8efd614885507acc94987733eba09a2f5e7098b774dfc8524b6
- SSDEEP
  
  192:OPtkumJX7zB22kGwfy0mtVgkCPOsX1un:/702k5qpdsXQn
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  Ekspositionsdelen.Afd
- Size
  
  115KB
- MD5
  
  22fb834736ef02494e99f71ba7222f69
- SHA1
  
  ad6a98d680a72a823b5b175a45f46a8b96b7b7ca
- SHA256
  
  7bf5c0010b6e023c90e5896266b53b84b06e8819ca3e17c78024f2a820164c13
- SHA512
  
  76de9f0a84157ac194833dc451f000bbe483274cae995a71474bdf636e20ae19eeb6d12081d122b7f7c7cd6bc3e225ef3642f944268a764fe0f6dbd6302a88b0
- SSDEEP
  
  3072:PfBZ+bT8joyfvU9lEERRZu+WYY4iUot91:PZI/yZ2l5n4PJHUe91
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  Festmaaltidet.Bas
- Size
  
  290KB
- MD5
  
  4e733ad05fe11b810f1ce779ff99d8e2
- SHA1
  
  e09bfd8be51d8855f77366ca7eebaeb2d9505677
- SHA256
  
  692d074b79c1fde0239b1dc519b4af570cec1bd64a23f715d40575bd238e2c1a
- SHA512
  
  c791ca4a06f4efaccba7f8a3004e7e9402751352a7917d114e0fe417b9f245cd1f177cdf445b798d1249a70e5f84b8124367913da09cb505d2eb9a376ba3810b
- SSDEEP
  
  6144:tpWx/FMrb7rTP6ayi2X2k4v6kuNQjFUGxJ+SVC9H1W:tpy/U7rTiayi7BuNBsnsVW
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  Unrhymed.adi
- Size
  
  92KB
- MD5
  
  4e17cfae8be669dc88bb9343f971862b
- SHA1
  
  642ea7d1c06f438146d2df1b132ac7e85a261917
- SHA256
  
  25615665769858efd92342269955c6acd095520d8fe5b5fb1633d28ed92cd840
- SHA512
  
  7209c60bd74062f9e689a8389f671c0e0b531b764858957c5724ae548e28a163809b5a7b998d680250afd84d1bc28414ead65d12d8d352cf4d4b0e9e4bac2237
- SSDEEP
  
  768:RtbjIxO6JaLTYpLJL8Ku9ytaVXzM3gdDENCc2wqlx9:z6gLTIgt9Krox9
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  apotekerbevillings.txt
- Size
  
  32KB
- MD5
  
  7395345f8f9fa1c2c012f30387fbe6bc
- SHA1
  
  e2eca72547487ebc02e2c37a3b997e3b6c318f0e
- SHA256
  
  fe0871eb8dc89ceaacdea8439ded372446cc9b7a5c8e4b25530da1b9f69b6e83
- SHA512
  
  f4760e97752416734aa323722fff672d85fd23e057d70296de304ccfd7c813aae1e2091006f1acc9758a16acff8b61c00164aee116ae9ac2faaec34e186db7a1
- SSDEEP
  
  768:Y3BEzLhyMSuCE5OTO/R+5oEdZ0/EqdZceab:Y2xyM4EfYokZ0pTcTb
Score

4^/10
behavioral11 behavioral12
- Target
  
  christianshavnerne.deh
- Size
  
  310KB
- MD5
  
  4b4e2fdeff2dc5af4e442db8042a4eca
- SHA1
  
  11b4ae1475ca6474615b2fbe921c8de02202d0a7
- SHA256
  
  c2bb0dd5c0cf12b535b2eb67d6df11e6542c8b9a28c47996ad5a955edd5f6fc7
- SHA512
  
  7f327729126d6a31fc6458540a4bb799fc3e5ea000df5994fddd6e16702c80130d472ef215e87279470dd014e0a4fb3bfc47a7a092ba37b6a484ededf8ece32a
- SSDEEP
  
  1536:+C6MIq7nr4cwrdrXpUMOn0mJk0qsrHSJ+crTe:5NLLdCjsfKArHSJBe
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  claudius.jpg
- Size
  
  23KB
- MD5
  
  50c4365542d93fd8a313440adda9017d
- SHA1
  
  def4fd0b74aa6d981aa001bdea66125bcdd94235
- SHA256
  
  461ad2638a4bd638ec62fe4d1e467b80a2fd0c9888d99c853d196fb693d98866
- SHA512
  
  7cc979865aac0e3b4562c55b30a3d868306e3d792f94da62876673cd6e4b08752953bb45ecb2c57a23645cfe894c3d2116ca9fb97f9e61b51b76d911786c4dfb
- SSDEEP
  
  384:hejmQNhLRG3tOg2Q2FewajHVoWrO/zQQ1SHTpKLZTuNtTpb9PzWzpl4kO/uzvl:heJNGpKajHVDO/zQk1TuFb9PkO/ubl
Score

4^/10
behavioral15 behavioral16
- Target
  
  lumpenhedernes/stoppegarns.bra
- Size
  
  479KB
- MD5
  
  454bfa40f950359c0c5fedfce885db5d
- SHA1
  
  3fcd8ae2afc5d784a1759315b9e1744e9873e950
- SHA256
  
  92cb9a933f564e207a2f8a9387dc6f4852a5aa53ac6c95120fe77d3b684ca3a4
- SHA512
  
  4a8b956fbf7072b676f6a8526d6f909a7d6f43c4f67c7aea12e275799b42b78e8500a7caa5387eff5607d90d578210c6fc230238b6b95401392115a0aa49dbea
- SSDEEP
  
  1536:Iwj7QkU4Succftrx4E1tOkzEF62k8SPnkxFDhTB7FTIo:IIQkHCcfkCxYFLk8S6FBxJ
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  normalfordelte.jpg
- Size
  
  32KB
- MD5
  
  422d904c045d4ac8205ae56d0d413cf9
- SHA1
  
  8edd159e33b5feed673eb21561923b6311952d6a
- SHA256
  
  896685baa3d8b6c65622f6d6241a3c2121a1e26434875e8f03c544ebe54af56d
- SHA512
  
  087b0a02b40aca8792b2e60280b8e7645e086ac19919c55f078530eeacac6aa44fc12e5104c1d7ea25a2b2367e4721bb9cb20de6e65d98756ac8c5395d8ed4e1
- SSDEEP
  
  768:Y3BEzLhyMSuCE5OTO/R+5oEdZ0/EqdZceam:Y2xyM4EfYokZ0pTcTm
Score

4^/10
behavioral19 behavioral20

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2

guloaderdiscoverydownloader

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20