guloader | d373b165244547b14c84ed40e1d50d839074388160487cb76007df0d997ae50a | Triage

Sharing

General

Target

74855786c0cbba13a1f316ae0518fdfa_JaffaCakes118
Size

80KB
Sample

240726-sbcqxayarf
MD5

74855786c0cbba13a1f316ae0518fdfa
SHA1

1d091793ecd169a014f6dec55afae6d559d47b91
SHA256

d373b165244547b14c84ed40e1d50d839074388160487cb76007df0d997ae50a
SHA512

d3a2a22ec1eea9df29584c7f0eb3fe6e545183db2a26fe8a0eb09d7069868d48ed5d1ff806a1ca9b96c1b84a7c06d61ef54f591e26ad0672d1b1343ecb0035de
SSDEEP

768:umofxspErpsHULcd0CCCY3T9oZMCMhFii+c/FLThDEMVRX8TC:baupaTLC0CCCk97LQi+kThDnT

Score

10^/10

guloader discovery downloader guloader

Malware Config

Extracted

Family

guloader

C2

https://www.daglork.com/origin-wm-bin_hFRzW236.bin

xor.base64

Targets

- Target
  
  74855786c0cbba13a1f316ae0518fdfa_JaffaCakes118
- Size
  
  80KB
- MD5
  
  74855786c0cbba13a1f316ae0518fdfa
- SHA1
  
  1d091793ecd169a014f6dec55afae6d559d47b91
- SHA256
  
  d373b165244547b14c84ed40e1d50d839074388160487cb76007df0d997ae50a
- SHA512
  
  d3a2a22ec1eea9df29584c7f0eb3fe6e545183db2a26fe8a0eb09d7069868d48ed5d1ff806a1ca9b96c1b84a7c06d61ef54f591e26ad0672d1b1343ecb0035de
- SSDEEP
  
  768:umofxspErpsHULcd0CCCY3T9oZMCMhFii+c/FLThDEMVRX8TC:baupaTLC0CCCk97LQi+kThDnT
Score

10^/10

guloader discovery downloader guloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Guloader payload
  guloader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloaderguloader

behavioral2

guloaderdiscoverydownloaderguloader