guloader | bfa21c905d4138da6271a80bf8bbe683a5803a5653555c116151e28c1539f79e | Triage

Sharing

General

Target

eec2c1539eebe98ff2430443c84b502c_JaffaCakes118
Size

72KB
Sample

240921-a7wvjsxcnb
MD5

eec2c1539eebe98ff2430443c84b502c
SHA1

0321261ab00e21f04e6fce3b1d4bfe3922ed3cbd
SHA256

bfa21c905d4138da6271a80bf8bbe683a5803a5653555c116151e28c1539f79e
SHA512

e22d1d910337611b56230c4272ebf2b147d0e68b6943c3fe94fb328d966a152b27ec0ad0ff42fbf145e406d8d5de1e472e640d6f71d440707c86522e93871cab
SSDEEP

768:QsUuSrrHS7KljKrdFbCAX6e37Gy09BHqvgJtnvqfYfvhnEHqU09bS7KljKrdFbCK:QsKrr7ATfWHlvVEHp6ATbrr

Score

10^/10

guloader discovery downloader

Malware Config

Extracted

Family

guloader

C2

https://drive.google.com/uc?export=download&id=19zRmRWEbe_tvCeYLoFlJAOjP43TkIzc3

xor.base64

Targets

- Target
  
  eec2c1539eebe98ff2430443c84b502c_JaffaCakes118
- Size
  
  72KB
- MD5
  
  eec2c1539eebe98ff2430443c84b502c
- SHA1
  
  0321261ab00e21f04e6fce3b1d4bfe3922ed3cbd
- SHA256
  
  bfa21c905d4138da6271a80bf8bbe683a5803a5653555c116151e28c1539f79e
- SHA512
  
  e22d1d910337611b56230c4272ebf2b147d0e68b6943c3fe94fb328d966a152b27ec0ad0ff42fbf145e406d8d5de1e472e640d6f71d440707c86522e93871cab
- SSDEEP
  
  768:QsUuSrrHS7KljKrdFbCAX6e37Gy09BHqvgJtnvqfYfvhnEHqU09bS7KljKrdFbCK:QsKrr7ATfWHlvVEHp6ATbrr
Score

10^/10

guloader discovery downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2

guloaderdiscoverydownloader