guloader | aec28453ffaa0598b18b653945ed5b11ce928625a881d0ab49b0aad428e4177c | Triage

Sharing

General

Target

de6fd9c36399cb4edd4c1ce6a66a020a_JaffaCakes118
Size

80KB
Sample

240913-sydayswcld
MD5

de6fd9c36399cb4edd4c1ce6a66a020a
SHA1

17e8fbce596328734fc8ccf7a5c4f4067eed5132
SHA256

aec28453ffaa0598b18b653945ed5b11ce928625a881d0ab49b0aad428e4177c
SHA512

f15b17cae3f80ad2a479b863c8aae35a5e794089c7cbb567c0f9746364fdaf82a6378c5a5aaf106a9f269d2bdbd0520f6b557b1e95b39f8edc219d007360dc99
SSDEEP

768:CISDNR2jZX8OgRQTVbc42CMZ7E1XqISDN:C/qR8OgCTK42N7i6/

Score

10^/10

guloader discovery downloader

Malware Config

Extracted

Family

guloader

C2

https://drive.google.com/uc?export=download&id=10B5t-PyiotIjd29xOsTd1TK39yay8Fy-

xor.base64

Targets

- Target
  
  de6fd9c36399cb4edd4c1ce6a66a020a_JaffaCakes118
- Size
  
  80KB
- MD5
  
  de6fd9c36399cb4edd4c1ce6a66a020a
- SHA1
  
  17e8fbce596328734fc8ccf7a5c4f4067eed5132
- SHA256
  
  aec28453ffaa0598b18b653945ed5b11ce928625a881d0ab49b0aad428e4177c
- SHA512
  
  f15b17cae3f80ad2a479b863c8aae35a5e794089c7cbb567c0f9746364fdaf82a6378c5a5aaf106a9f269d2bdbd0520f6b557b1e95b39f8edc219d007360dc99
- SSDEEP
  
  768:CISDNR2jZX8OgRQTVbc42CMZ7E1XqISDN:C/qR8OgCTK42N7i6/
Score

10^/10

guloader discovery downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2

guloaderdiscoverydownloader