guloader | 058ee0434baf472713da384ee3ba273f64995b9c7f83b7e62a8b3285b334b2cf | Triage

Submit
Reports

Overview

overview

Static

static

1

5262da4295...18.msi

windows7-x64

5262da4295...18.msi

windows10-2004-x64

Sharing

General

Target

5262da4295e8a62d58d17991b35bf860_JaffaCakes118
Size

124KB
Sample

240331-kzftgahg76
MD5

5262da4295e8a62d58d17991b35bf860
SHA1

3fba37528f6b06d2c89c7d86ce6352df438f1855
SHA256

058ee0434baf472713da384ee3ba273f64995b9c7f83b7e62a8b3285b334b2cf
SHA512

8a82d10997e8b64ab12688e6cb909e405644bfcf2ed0e47df9c16009bf1ae415c17bc5a0cc27717d34f6f5484ca27fe026893b4637ea01cb1209dd0427574c18
SSDEEP

1536:HEzzhi6Qu6TDW2rxtene90Ceqhg0Sh1xOeFPa+HNFiS79oe:HEzlQuExvene9zFhgDbsm7TiVe

Score

10^/10

guloader downloader

Static task

static1

Behavioral task

behavioral1

Sample

5262da4295e8a62d58d17991b35bf860_JaffaCakes118.msi

Resource

win7-20240221-en

guloader downloader

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

5262da4295e8a62d58d17991b35bf860_JaffaCakes118.msi

Resource

win10v2004-20240226-en

guloader downloader

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  5262da4295e8a62d58d17991b35bf860_JaffaCakes118
- Size
  
  124KB
- MD5
  
  5262da4295e8a62d58d17991b35bf860
- SHA1
  
  3fba37528f6b06d2c89c7d86ce6352df438f1855
- SHA256
  
  058ee0434baf472713da384ee3ba273f64995b9c7f83b7e62a8b3285b334b2cf
- SHA512
  
  8a82d10997e8b64ab12688e6cb909e405644bfcf2ed0e47df9c16009bf1ae415c17bc5a0cc27717d34f6f5484ca27fe026893b4637ea01cb1209dd0427574c18
- SSDEEP
  
  1536:HEzzhi6Qu6TDW2rxtene90Ceqhg0Sh1xOeFPa+HNFiS79oe:HEzlQuExvene9zFhgDbsm7TiVe
Score

10^/10

guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

guloaderdownloader

behavioral2

guloaderdownloader

© 2018-2024

Terms | Privacy