guloader | 380b53197939c21135bb9a1ec7620106e2c0fbd43ebd7d371ae5210ef4a0b925 | Triage

Sharing

General

Target

e2bf1ea4d111476299dfa865053deb11_JaffaCakes118
Size

41KB
Sample

240915-r92l9azcjn
MD5

e2bf1ea4d111476299dfa865053deb11
SHA1

b2343d314485261a4cbcbb3f3eaf350299194615
SHA256

380b53197939c21135bb9a1ec7620106e2c0fbd43ebd7d371ae5210ef4a0b925
SHA512

4a44f7a120b4241009faac563cac8e3433c5a2dc5faf6830667a7327f4bfc5914ba2cdf5498cd932df5aa9ce0728d957c2993ec5c1a2284c73a21a705f21cff6
SSDEEP

768:5lfWWjJwp9Vkt3kEeRNihT16YvGv8pEFQI0b4sWP4jwqmqD6gK1D:f7J8SSROT162GvzFQI0ErAjbmBVl

Score

10^/10

guloader discovery downloader

Malware Config

Extracted

Family

guloader

C2

https://drive.google.com/uc?export=download&id=1-LXF5SIKTMmMYkkk8NMa_ApqEWVr3Qx4

xor.base64

Targets

- Target
  
  Bon de commande 2021_02_15_pdf.exe
- Size
  
  128KB
- MD5
  
  a77715c06e5afd34b0d513eb8b570511
- SHA1
  
  a4932df3f917349f92503cd2f21eac41a79a8e39
- SHA256
  
  cecab4db1eb666098828a5161c7a2c894b24f42fe7261b8231e766e1ce9a0794
- SHA512
  
  edf8d3c76690df75935fb9584e09ed1e3cf0f81923ee6bc35cc0e1c0dc02816b956572ce2dfc4a2dcd0b436c62a88ed9390a38f61ccc583e85b4265fb7a20ab9
- SSDEEP
  
  1536:tA2LBRs3v551vUMcJnJpBC62AJkUxtUK0LC+WbP6A+5Vx8Fw:DRelfcVJyW7Y5VSFw
Score

10^/10

guloader discovery downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2

guloaderdiscoverydownloader