guloader | 852a0d477d29d18d5b7c419e4d64a90761e04c908fc7171e2faab5ad40021fbc | Triage

Sharing

General

Target

852a0d477d29d18d5b7c419e4d64a90761e04c908fc7171e2faab5ad40021fbc.jar
Size

367KB
Sample

240522-ccjmvagh2y
MD5

91a034327be0deaa30c73c21e1a72dad
SHA1

d69bb4445717931d0c80931bff02f0cb6d8d8d16
SHA256

852a0d477d29d18d5b7c419e4d64a90761e04c908fc7171e2faab5ad40021fbc
SHA512

06414545c70e01af969bf935433e328f1f9a5d029454b883d963e248f8b42020161ce83339f27c1e8e801501f40131f216384f71e06abdfc9c26e4067b3ae740
SSDEEP

6144:xqZUJOXigyQjLGz0IDw1txim5ruiZpIRZ4gc9ps83WDw5+zmonPBMJwoLr5hLQv2:xqZUQygv2pEyY7pIhoa808loPBMJwoZB

Score

10^/10

guloader downloader macos

Malware Config

Targets

- Target
  
  xerox322200524.exe
- Size
  
  464KB
- MD5
  
  5b578b597f4f4eef57eda996ee33cdb6
- SHA1
  
  efdb66166e1a45e9a30c67bc6d80e42f843b5604
- SHA256
  
  285009b0e71742b5fbe9407dcb25e378d35c2b9eab33f51618b46b647878c60d
- SHA512
  
  a7cc33e0e73c5c821d66a2ce437dfcd1ae8074161e3cafb9c2668dd3e411fc4073e1161f8781a17bbb3c8af29f210b9c3b7cf9d7a534fb278fc54ae4eabdeea3
- SSDEEP
  
  12288:vi3hR5SANiItEOU79Uhua4g8Do3BMJSojhvnH3:K3hv5iIizUhH4g8eqSqd3
Score

10^/10

guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/Banner.dll
- Size
  
  4KB
- MD5
  
  0d5428f7920274caedfa8f2ae980e196
- SHA1
  
  ce2ca2381a4b9ed9f06f6af5a183a840de290c3f
- SHA256
  
  4083bef584ad6793b3d57e3e3f764a31afac876412df65c5da5afee76bbd1e10
- SHA512
  
  78419752f3e6579f7caf1f9bab70a46ac2b0a7c5f08eb8604e927baea611c182133ce8d58929a059f22e6c2befb5ff0c24ee6500d0708bc884a65e395ea7c4cf
Score

1^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/BgImage.dll
- Size
  
  7KB
- MD5
  
  9436196007f65f0ae96f64b1c8b2572e
- SHA1
  
  4b004b5c2865c9450876be83faa8cc96e1d12c01
- SHA256
  
  286f246ee18bf91c4a80fa2cdb61077a4bcf0a3fd6582be4b4ab6a5cb3de44c9
- SHA512
  
  5c172675fbbea214471ac35eebaa6ab9bd1306268144085adbad3bba4a815430ed028cac169e8b5a6fd00818684f65d7bdd32f11773bc6152e62ef80f895d35e
- SSDEEP
  
  96:8egk1LFJaO1/radJEaYtv1Zs4lkL8y3A2EN8Cmy3uT24j7J3kWyy/:t7TJa2roqJyA2EN8diuTHje
Score

1^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  8b3830b9dbf87f84ddd3b26645fed3a0
- SHA1
  
  223bef1f19e644a610a0877d01eadc9e28299509
- SHA256
  
  f004c568d305cd95edbd704166fcd2849d395b595dff814bcc2012693527ac37
- SHA512
  
  d13cfd98db5ca8dc9c15723eee0e7454975078a776bce26247228be4603a0217e166058ebadc68090afe988862b7514cb8cb84de13b3de35737412a6f0a8ac03
- SSDEEP
  
  192:ex24sihno00Wfl97nH6BenXwWobpWBTtvShJ5omi7dJWjOlESlS:h8QIl972eXqlWBFSt273YOlEz
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  82c3f38cd34739872af07443c65d0bd8
- SHA1
  
  1f4ee2d394404a291eda6419f856adaf4b960237
- SHA256
  
  59cdb2c12d5635fd25af4007b70222507948be41fa9885b7f07967c2510a5311
- SHA512
  
  3a81c0613b1ea906ad4f103b02620217de69a8676dbb7ec41cf31f342a0a74562815a8d4f2efe9866fc16365f58524ac71652e99920acea355f020028775743d
- SSDEEP
  
  192:ow8cSzvTyl4tgi8pPjQM0PuAg0YNy+IFtSP:lBSzm+t18pZ0WAg0R+IFg
Score

3^/10
behavioral10 behavioral9
- Target
  
  Duramen/Sabbatters.app
- Size
  
  1KB
- MD5
  
  6d05f4d490578ac56f35a2fb0fdc48c3
- SHA1
  
  98cbe66769dca00383a1e6345a0af8d8f5158802
- SHA256
  
  68c60b54d23a7eac7decbd381934147857868b1b5f14a5087cc7d691f68670d6
- SHA512
  
  0d038240e209b7b478d66800c76668fe40b10ffca149b1920946fb025ba5f1be9f20cd75e689cae6c9e5d9c2f722bf54b5bc2783602a0379def34be48e6753b5
Score

1^/10
behavioral11

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

guloaderdownloader

behavioral2

guloaderdownloader

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11