guloader | c124d47b93d73f9bf5b19516a20019ff3c225625a3e56dfb6a8551ba120eb807 | Triage

Sharing

General

Target

ec7cbc668549e66cb5487e5ef8867ea7_JaffaCakes118
Size

1.2MB
Sample

240920-avafsazcnq
MD5

ec7cbc668549e66cb5487e5ef8867ea7
SHA1

4f69cdbc1865f206df86905df14ad57afc68bbe1
SHA256

c124d47b93d73f9bf5b19516a20019ff3c225625a3e56dfb6a8551ba120eb807
SHA512

c0b1eec1f8260c3292e84f88db2d2a403eacf03a5e7eced1d0c09afa28ab950c226e479c8766094f6007fe0c6a473728419eb40ef586a728cf65eeb79797feca
SSDEEP

1536:dAdD8EvtvPTiAUNnfbZ0kX2AOGwvVST2vF:dqAEvF7R2bV3OGwvVSTSF

Score

10^/10

guloader discovery downloader

Malware Config

Extracted

Family

guloader

C2

https://onedrive.live.com/download?cid=CFD8E120D47DF1A4&resid=CFD8E120D47DF1A4%211125&authkey=AAm101ozDoKFvk4

xor.base64

Targets

- Target
  
  QUALITATIVE.exe
- Size
  
  100KB
- MD5
  
  63e36e7345f80e31c5f390ff0516120c
- SHA1
  
  775dc1c5d77b0bbbc5c27aabbafa46ca2e21cc24
- SHA256
  
  f17d48c8d179de191e519fa908648b977c09f91803b898d8e4fada52e423a8df
- SHA512
  
  4cb779cb0ba82ab4b80977b0646c749acf09c0859da8a2082f5b542f9137dd0758cde6f10cc74aaa45eb6c95c9a11fe2f3b87e2993fb5400f146c1481513bbb9
- SSDEEP
  
  1536:cdD8EvtvPTiAUNnfbZ0kX2AOGwvVST2vF:OAEvF7R2bV3OGwvVSTSF
Score

10^/10

guloader discovery downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2

guloaderdiscoverydownloader