guerrilla | 16371c394db9bf609623c3b7531987cdfb87c9176b6660fdc38f7e0cc8cf51b0 | Triage

Submit
Reports

Overview

overview

Static

static

1

sample.html

windows11-21h2-x64

Sharing

General

Target

sample
Size

363KB
Sample

240428-gaggxshb64
MD5

7f9017011aa83fe044d3d943463dd9cd
SHA1

704b8c403cccd5eded6e1cb9bde0ec72d344b670
SHA256

16371c394db9bf609623c3b7531987cdfb87c9176b6660fdc38f7e0cc8cf51b0
SHA512

d8f94c25798ca2795805f99317adb900cbc96302c63f1efaf120f80ac398e4afebbbb30413c327577f1783d608219e598fde47807ae6e0b4e1212960fe7dee2a
SSDEEP

6144:rFdh46vGf65WrXk2Was082duwPfUf81hLO7WdbS0Ryze9xPg5vjoo5GtmZ:Jdh43DWas52d9PfUf81hLO7WdbS0RyzP

Score

10^/10

guerrilla discovery exploit infostealer persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

sample.html

Resource

win11-20240426-en

guerrilla discovery exploit infostealer persistence rat trojan

windows11-21h2-x64

33 signatures

1800 seconds

Malware Config

Targets

- Target
  
  sample
- Size
  
  363KB
- MD5
  
  7f9017011aa83fe044d3d943463dd9cd
- SHA1
  
  704b8c403cccd5eded6e1cb9bde0ec72d344b670
- SHA256
  
  16371c394db9bf609623c3b7531987cdfb87c9176b6660fdc38f7e0cc8cf51b0
- SHA512
  
  d8f94c25798ca2795805f99317adb900cbc96302c63f1efaf120f80ac398e4afebbbb30413c327577f1783d608219e598fde47807ae6e0b4e1212960fe7dee2a
- SSDEEP
  
  6144:rFdh46vGf65WrXk2Was082duwPfUf81hLO7WdbS0Ryze9xPg5vjoo5GtmZ:Jdh43DWas52d9PfUf81hLO7WdbS0RyzP
Score

10^/10

guerrilla discovery exploit infostealer persistence rat trojan
- Guerrilla
  Guerrilla is an Android malware used by the Lemon Group threat actor.
  trojan infostealer rat guerrilla
- Guerrilla payload
- Creates new service(s)
  persistence
- Downloads MZ/PE file
- Manipulates Digital Signatures
  Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
- Possible privilege escalation attempt
  exploit
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Registers COM server for autorun
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guerrilladiscoveryexploitinfostealerpersistencerattrojan

© 2018-2025

Terms | Privacy