guloader | 4528bf4f34f2c1565c6cb425b33b71a8c43253b91b4b4874a47cb28454e3ecc4 | Triage

Sharing

General

Target

b03ab72540cf1ccd015fc84877783d3e_JaffaCakes118
Size

60KB
Sample

240820-wfpstavhke
MD5

b03ab72540cf1ccd015fc84877783d3e
SHA1

6b614c54a24b0419b06a504ec52fb2a6cd195dea
SHA256

4528bf4f34f2c1565c6cb425b33b71a8c43253b91b4b4874a47cb28454e3ecc4
SHA512

819960738a95eb711bc0c8c7aa88914d0a6b93c922c938a2fee8115a8ad4b5d4a9934e623ac0f4534d800b7d5cbf6d6ecfc58946c6ef7f68fb17718fc57b5f50
SSDEEP

1536:mOgKSvy7xCKFWVCrx1uAQ7e76XUQyqf3482Ue08upNI:qKSgvFWV81uAQSGEfe482Ue03E

Score

10^/10

guloader discovery downloader

Malware Config

Extracted

Family

guloader

C2

https://hzz1.at/CHOFEB_ZwIyZsvW14.bin

xor.base64

Targets

- Target
  
  PO1001910.exe
- Size
  
  112KB
- MD5
  
  1f6063e9850c7add3ef8d5acc03b83c9
- SHA1
  
  6fa2a99b27cad774b5d0278a66f85183ba555d73
- SHA256
  
  1b9a71edba9009792694340883c03331b996ec6c63b3a41c6850dcb6d4f9c4fa
- SHA512
  
  0e9d4b91c2a262c439c55b760f63968de32b678b354d2ff78bef406c286abd8d8d127ece077f5a86dae71bd42f1209dbce2cd53fc60b17d28b7af2d711e7f487
- SSDEEP
  
  1536:rYWYmIItqT6C1Zuas4sa3BTW5DmDdg9je2OJBOlW:sWQYqT6CA4BxC5DmDO9je2OJBOlW
Score

10^/10

guloader discovery downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2

guloaderdiscoverydownloader