Overview

overview

10

Static

static

3

Draft HAWB.pdf.scr

windows7-x64

10

Draft HAWB.pdf.scr

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    14e005a1a51398895c4bd7056964dd6c_JaffaCakes118

  • Size

    31KB

  • Sample

    240728-mld4tswbjb

  • MD5

    14e005a1a51398895c4bd7056964dd6c

  • SHA1

    e13695f3006dad0dbdf2957590cabfb4141fb6f0

  • SHA256

    a2be2bc2c4ca6b92631caf8ca4d8626225af2536d1497d8599cac376837532e2

  • SHA512

    1485371dfb547b83d0e19d3923d53c8ded2bd286a301af45d4337a9bcd4f138a221e6129e0a2b5db01b77180dcf2983c34428e0cb17e57031c79f44a1f186357

  • SSDEEP

    384:DJ8l5JSs4NyyTk3y5l1jB7sBfaOeRu21Dsg+9xT25kx+pNavsMxq/sR1PqSrwbIx:DOl61yN3y5qcZRFKbT2K4+q/MqXM

Score
10/10
guloaderdiscoverydownloaderguloaderpersistence

Malware Config

Extracted

Family

guloader

C2

https://drive.google.com/uc?export=download&id=1lwFHDodmljwVaOpWn8UOCTmaZ6GPgsim

xor.base64

Targets

    • Target

      Draft HAWB.pdf.scr

    • Size

      116KB

    • MD5

      f3f56b99541ffaf22e58c42356d2d9f9

    • SHA1

      2fba8478a48e39df1cf52219ee2517af1bc0214a

    • SHA256

      61fa5ce594de537f26b6fe0da3ff9fec603df1af27c2b2ba89f2ee4a6c981e18

    • SHA512

      1bc479a4dae2afd854eb3e4bbe3b97fa401c4dd71dfc1e571d5a1a3d9eb14056e126d3375a637c1543a798b389df4205c3748b11761d62362d56abd11288c467

    • SSDEEP

      768:czNgrXUKsxOymfSXYr+sR6o+livTlTTTTRvVHOYTTTT4P/9gTTTTTTTTTTTTTTT9:czNguCfEu6s/VC9hUEBxc6hRi

    Score
    10/10
    guloaderdiscoverydownloaderguloaderpersistence

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Guloader payload

      guloader

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks