guloader | 7ee9c4c62748596707506eccb51ced6b0a934f33222fd67a4e4038c4eac81224 | Triage

Sharing

General

Target

68911a77f4b29dee848cdc52662b6f0c_JaffaCakes118
Size

23KB
Sample

240522-zja1lsga69
MD5

68911a77f4b29dee848cdc52662b6f0c
SHA1

5f0ebe0bda1829e077aa4c549e80dd9d34832450
SHA256

7ee9c4c62748596707506eccb51ced6b0a934f33222fd67a4e4038c4eac81224
SHA512

9a34932d27a220dfcde7646717b9b05cae20e006f381f05b755f04968746e888d7ed20f9031ec2ca113b41ecd12c772b357d31279f2e33472cc04829e04b8b31
SSDEEP

384:JsC3sL1TJctPIuaFrSqAbL7tMppj2F1XS3tX/1iBQfHrmLjeFxJk5h2RjOyiFsBv:JtsLRiPcFrSqAbvOppj2Pi3Z/UAkiR+k

Score

10^/10

guloader downloader

Malware Config

Extracted

Family

guloader

C2

https://www.mediafire.com/file/md0mc3zocq6uh6b/gbam_encrypted_65A39A0.bin/file

Targets

- Target
  
  Gecikmis odeme.exe
- Size
  
  104KB
- MD5
  
  bb357ccfe2cfcda6512d979e4bfd4b84
- SHA1
  
  9a63e5f0d0e5f66a9b7ee47a2fd7a2eeefab36e2
- SHA256
  
  0bd6c14cb1ba4500de6884448d122ad199f67cb56912533aef9cbbe7d7c3b66f
- SHA512
  
  8271bbb94a7d313f47e631f705c56f04b3af86541e448a9ab38c48173c4bef3afb7db21bb82ace31444b1d16910915c55d399260ff82e15cdabe37a8151f73b9
- SSDEEP
  
  768:En8cA69MRzXDRbfDbMh7aZRGNcxmT2dr7+4AHsE3FlgXmUbv/P9:O9MRzFbDbMh2uYq25+4s3FGtbv/P9
Score

10^/10

guloader downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

guloaderdownloader

behavioral2

guloaderdownloader