guloader | 033005fe6ffc1a0ad4029cf3591476a9c11f2e6481f903f95b0ed2e00c643d94 | Triage

Sharing

General

Target

70%Final Payment Confirmation - PFI_025.exe
Size

731KB
Sample

250416-qb4hhs1wes
MD5

859be39f2dcd41519182d25971bf91be
SHA1

9aba248ad8923d1f0d0912c0415d1b570013f093
SHA256

033005fe6ffc1a0ad4029cf3591476a9c11f2e6481f903f95b0ed2e00c643d94
SHA512

680c76e59fd80768931da65e252444f32d839db50b4647c55ee9b5610aeb42d1e0843c42c06387dfc826543c10c90cc429820bfd12f6f344787c383a55df640b
SSDEEP

12288:iGV3sYdlK+C3TvBPUU557mrQHCsMcg0AeDK07c8owRudjaME/LxG6ODhflE3gX/l:iGV3X/tk5pH7m2NbgNeDKWPudjaME/+p

Score

10^/10

guloader discovery downloader

Malware Config

Targets

- Target
  
  70%Final Payment Confirmation - PFI_025.exe
- Size
  
  731KB
- MD5
  
  859be39f2dcd41519182d25971bf91be
- SHA1
  
  9aba248ad8923d1f0d0912c0415d1b570013f093
- SHA256
  
  033005fe6ffc1a0ad4029cf3591476a9c11f2e6481f903f95b0ed2e00c643d94
- SHA512
  
  680c76e59fd80768931da65e252444f32d839db50b4647c55ee9b5610aeb42d1e0843c42c06387dfc826543c10c90cc429820bfd12f6f344787c383a55df640b
- SSDEEP
  
  12288:iGV3sYdlK+C3TvBPUU557mrQHCsMcg0AeDK07c8owRudjaME/LxG6ODhflE3gX/l:iGV3X/tk5pH7m2NbgNeDKWPudjaME/+p
Score

10^/10

guloader discovery downloader
- Guloader family
  guloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  6f5257c0b8c0ef4d440f4f4fce85fb1b
- SHA1
  
  b6ac111dfb0d1fc75ad09c56bde7830232395785
- SHA256
  
  b7ccb923387cc346731471b20fc3df1ead13ec8c2e3147353c71bb0bd59bc8b1
- SHA512
  
  a3cc27f1efb52fb8ecda54a7c36ada39cefeabb7b16f2112303ea463b0e1a4d745198d413eebb3551e012c84a20dcdf4359e511e51bc3f1a60b13f1e3bad1aa8
- SSDEEP
  
  96:zPDYcJ+nx4vVp76JX7zBlkCg21Fxz4THxtrqw1at0JgwLEjo+OB3yUVCdl/wNj+y:zPtkuWJX7zB3kGwfy0nyUVsxCjOM61u
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2

guloaderdiscoverydownloader

behavioral3

behavioral4