guloader | fec5bb957bff39fc9d32793d5485483eb901a6a1356e6a25138ae1bb8089d7f7 | Triage

Submit
Reports

Overview

overview

Static

static

1

fec5bb957b...f7.hta

windows7-x64

fec5bb957b...f7.hta

windows10-2004-x64

Sharing

General

Target

fec5bb957bff39fc9d32793d5485483eb901a6a1356e6a25138ae1bb8089d7f7.hta
Size

24KB
Sample

240625-cgcebsvdna
MD5

1234960c4d927466cfbb9897c4af1d0e
SHA1

eb834e095dff7f5f1d2a48d5268495d15cb183d3
SHA256

fec5bb957bff39fc9d32793d5485483eb901a6a1356e6a25138ae1bb8089d7f7
SHA512

6f353bdf144dbdd20974445c334833197349da4fc91b6bb0c03c486abdbeefe98db80219b1367fc9fe471f30e8a465e37fa23d62e619108a434228006b8f2806
SSDEEP

768:rFcEgWIfttLKWs1v9erzdu48Ab5wQY+y4rBL1JPWUzmP:ZcEEfXL7snet8Ab5YCBTcP

Score

10^/10

guloader downloader

Static task

static1

Behavioral task

behavioral1

Sample

fec5bb957bff39fc9d32793d5485483eb901a6a1356e6a25138ae1bb8089d7f7.hta

Resource

win7-20231129-en

guloader downloader

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

fec5bb957bff39fc9d32793d5485483eb901a6a1356e6a25138ae1bb8089d7f7.hta

Resource

win10v2004-20240611-en

guloader downloader

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  fec5bb957bff39fc9d32793d5485483eb901a6a1356e6a25138ae1bb8089d7f7.hta
- Size
  
  24KB
- MD5
  
  1234960c4d927466cfbb9897c4af1d0e
- SHA1
  
  eb834e095dff7f5f1d2a48d5268495d15cb183d3
- SHA256
  
  fec5bb957bff39fc9d32793d5485483eb901a6a1356e6a25138ae1bb8089d7f7
- SHA512
  
  6f353bdf144dbdd20974445c334833197349da4fc91b6bb0c03c486abdbeefe98db80219b1367fc9fe471f30e8a465e37fa23d62e619108a434228006b8f2806
- SSDEEP
  
  768:rFcEgWIfttLKWs1v9erzdu48Ab5wQY+y4rBL1JPWUzmP:ZcEEfXL7snet8Ab5YCBTcP
Score

10^/10

guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

guloaderdownloader

behavioral2

guloaderdownloader

© 2018-2024

Terms | Privacy