guloader | fcf82a7fc4e1cc2952da694daa959d579e64cfbcc53a90aee48ae42768f6bce1 | Triage

Sharing

General

Target

eaf1fbfb3c7d20830176ef7e9cafe8df_JaffaCakes118
Size

76KB
Sample

240919-kdzz8azdpn
MD5

eaf1fbfb3c7d20830176ef7e9cafe8df
SHA1

0f956d505508638e1b6c246c2e514a7d27d12140
SHA256

fcf82a7fc4e1cc2952da694daa959d579e64cfbcc53a90aee48ae42768f6bce1
SHA512

32cf52dd5576b50209483da83968e027992c35910a8e7da09127677fed62d6a3f28d2169a5a3c2b4c846f5cb37534364fac4801347e0f21df39a985d388d93aa
SSDEEP

768:qCM4PaJ1hW56NiAbvluqxwpG5Ywnp7SogziGCWPpnC3/dbdjNGCHZanCM4:q14PgTWgEYtxAWtdaKLHZw14

Score

10^/10

guloader discovery downloader

Malware Config

Extracted

Family

guloader

C2

https://dfsdfbdz.cf/vvd2.bin

xor.base64

Targets

- Target
  
  eaf1fbfb3c7d20830176ef7e9cafe8df_JaffaCakes118
- Size
  
  76KB
- MD5
  
  eaf1fbfb3c7d20830176ef7e9cafe8df
- SHA1
  
  0f956d505508638e1b6c246c2e514a7d27d12140
- SHA256
  
  fcf82a7fc4e1cc2952da694daa959d579e64cfbcc53a90aee48ae42768f6bce1
- SHA512
  
  32cf52dd5576b50209483da83968e027992c35910a8e7da09127677fed62d6a3f28d2169a5a3c2b4c846f5cb37534364fac4801347e0f21df39a985d388d93aa
- SSDEEP
  
  768:qCM4PaJ1hW56NiAbvluqxwpG5Ywnp7SogziGCWPpnC3/dbdjNGCHZanCM4:q14PgTWgEYtxAWtdaKLHZw14
Score

10^/10

guloader discovery downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2

guloaderdiscoverydownloader