guloader | 496df3bbe4b68485ee115dbdbc1be18694e4138534efa5225423d4cfffcf3d13 | Triage

Submit
Reports

Overview

overview

Static

static

1

63827bccbd...35.vbe

windows7-x64

8

63827bccbd...35.vbe

windows10-2004-x64

Sharing

General

Target

207b136f41dce4a20ef01071d8358131.bin
Size

12KB
Sample

240626-cpa68s1gmr
MD5

bf5f0292d4022c21cf5d4425f61ce01e
SHA1

702c615a882330682db68dd6d8bf0f111d5cda5e
SHA256

496df3bbe4b68485ee115dbdbc1be18694e4138534efa5225423d4cfffcf3d13
SHA512

cfea8fef2307e77663e8909331a8d8689557ccea051d9cca068c23e45db6363893b64808aef0407a0b3a90cfda8d9cafb677c7fab4aba7b040cf9b923d7f3aa0
SSDEEP

384:Z9M21n9XM5zvKLr8+VJy598vWrCqX3Wk9gq1W:Z951n9cxSMvmWNnWyN1W

Score

10^/10

guloader downloader

Static task

static1

Behavioral task

behavioral1

Sample

63827bccbd36fabd8120635af4e68329bd834dc0e11c75d4bb81797421cb9d35.vbe

Resource

win7-20240611-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

63827bccbd36fabd8120635af4e68329bd834dc0e11c75d4bb81797421cb9d35.vbe

Resource

win10v2004-20240508-en

guloader downloader

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  63827bccbd36fabd8120635af4e68329bd834dc0e11c75d4bb81797421cb9d35.vbe
- Size
  
  23KB
- MD5
  
  207b136f41dce4a20ef01071d8358131
- SHA1
  
  e5561b3304b7655ff20240631abf1eaa2aff37ef
- SHA256
  
  63827bccbd36fabd8120635af4e68329bd834dc0e11c75d4bb81797421cb9d35
- SHA512
  
  76b182aeed7902032265434c78b5757db5e7949e360267fb3a5648586eeb25bf12c22ea4520db4f0b114aeb0f9c5976989c53ec94c5c475a3bc103ccaa5c8eb6
- SSDEEP
  
  384:nDJcEgWPwf0ulPLLgoylkWz1vAaFYruA/du48nAc55Xid6VKRm3PHAr:nFcEgWIfttLKWs1v9erzdu48Ac55XidH
Score

10^/10

guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

guloaderdownloader

© 2018-2024

Terms | Privacy