guloader | 3fdc70759c5fb107d6eeb6b5be8fb50170e81ba1099dfa1ba30d6605d3264211 | Triage

Sharing

General

Target

639cb459c7bf64f47b7376a85b73a5b9_JaffaCakes118
Size

21KB
Sample

240521-rsj1waha87
MD5

639cb459c7bf64f47b7376a85b73a5b9
SHA1

c7cf7f964c0026c2cd8a4bdd2247812b4db388c6
SHA256

3fdc70759c5fb107d6eeb6b5be8fb50170e81ba1099dfa1ba30d6605d3264211
SHA512

a2f27af3eb258a78634dbb66f10b4eca9de7f85d7e1cb191589885eaaaa3da45780d42e578f8eb9700a2ab707f2155bb06ed4d374165b47b6caf956d4d83ca1c
SSDEEP

384:A78NZ1PxkVXx4fx95lxmsiZWPodaQ0Xma1UPsocQCsIkPfIuZ6QCj2JsiMiKENVe:bn553gUyaqPFrBIgQREjTTe

Score

10^/10

guloader downloader persistence

Malware Config

Extracted

Family

guloader

C2

https://onedrive.live.com/download?cid=A32AEA2B4355716B&resid=A32AEA2B4355716B%214978&authkey=AI9mqOKtOkBDroM

xor.base64

Targets

- Target
  
  New PO as per attached-2020-6642.exe
- Size
  
  44KB
- MD5
  
  b17644b26f54aee17d39cb7bfceee846
- SHA1
  
  a6b0b1155257bbaf9d710fd8d9b92b94601d82d9
- SHA256
  
  6f840786f7756f4b7bd84cfc327477af8a3aa99ba9768581f52a7ba3df9af806
- SHA512
  
  bad64051fe0604f25630515ffa703304c153752664b846f1f90e8dc0d3bd3c426ccef8b169f013ba3d49dbaf4715be39ae3a0e8ff08ea6177427b22f459eeb93
- SSDEEP
  
  768:mVPH8IEd7Qs5a3V4IYRaacERTW3Mst3L:mVPcIm8Ua3GI9Xtb
Score

10^/10

guloader downloader persistence
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdownloaderpersistence

behavioral2

guloaderdownloaderpersistence