guloader | d1076c0b9c38e87ce6b484a84e014f8d9d40cc75bc2be9eed3d060fa037c9b02 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0f12ec2814d9b74f666aa5043a85a9c3_JaffaCakes118
Size

44KB
Sample

240502-2vv62agg6s
MD5

0f12ec2814d9b74f666aa5043a85a9c3
SHA1

db70f6d2284ed857fa7a1b60d85906bec3c6f46e
SHA256

d1076c0b9c38e87ce6b484a84e014f8d9d40cc75bc2be9eed3d060fa037c9b02
SHA512

d0e3dc9fe1d5f82b4e4d58c3f5c4a76f7a8bedc552b7720757e52774ce8cdd5de2392aeff5a69eff5a13d1df34e614ab7a7fb3af110132631097102e9de5c1a3
SSDEEP

768:O8WCnZ0rTDMWy2jAlv7wCna9A6OuRGmBAwIDoQiJcLEdh4uwFaaB9B/HxyQBi8:OjCGrXMdaC6NAVguEd2uwF/Xkl8

Score

10^/10

guloader downloader

Malware Config

Extracted

Family

guloader

C2

http://jumapatagonia.com.ar/whitemaster/bin_tAyKhfryW138.bin

xor.base64

Targets

- Target
  
  Galactic Quote.exe
- Size
  
  76KB
- MD5
  
  7378cde8890fc292a04ff565f31b5ee4
- SHA1
  
  e22afc8524fcf71635183751f74b0355638b1ffc
- SHA256
  
  365468cbebe0672aa23a32f8bf6d038f83315621e09bd7bee1aba71675e0e03a
- SHA512
  
  51e1a59c77ca6d475218e5b993fc14b211c0ee8efd7c45b3ba10806d12b022c0b0dbdbfdada6cba8223a9593b4bc1f031b9c2d77c9cb877500892689de56bfbd
- SSDEEP
  
  768:vk4VeysfNpuRnnPilTjATM52FLwCTu5eIinrNTkRXQJtEWx4Be3KOXNjY3CzfgY6:vkaeysFY6TjMo2yGu5I50goKKkc37+u
Score

10^/10

guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdownloader

behavioral2

guloaderdownloader