
Content

In this twitch stream we take a second look at Guloader with a focus on its highly obfuscated delivery chain. An NSIS loader is used to execute multiple layers of obfuscated PowerShell which eventually lead to the Guloader shell code.

The goal of this stream is to better understand the obfuscated NSIS delivery techniques used by Guloader and compare them to other iterations of their delivery chain with an aim to identify commonalities. 

This stream ends up being just Part 1 as we don't get the final shell code fully extracted... stay tuned for Part 2!

Sample

54976a776a08ddd4ab7cf1fb6b00c4a23f931f1a7d1d937922169ef3be7c9cae 

Notes

Guloader Delivery (PowerShell) 

Files

overlay

Video: "Live Stream VOD: Guloader NSIS Delivery Analysis" by OALABS on Vimeo.

Comments

RussianPanda

I can't wait for another stream on GuLoader :) Happy Holidays and see you in 2023!

Chaitanya Ghorpade

If we can take a look at shellcode from this blog too https://www.crowdstrike.com/blog/guloader-dissection-reveals-new-anti-analysis-techniques-and-code-injection-redundancy/

oalabs

We have a few more streams to do on guloader in the new year! We can def add this and see how much has changed between the sample we are analyzing now and this one!