guloader | 582c7a9d41684c01b503c411ce2edacd1bcf1b298e7c904718a55f3889d28509 | Triage

Sharing

General

Target

ef5b493d9f0cc3fc77d176514f59ebce_JaffaCakes118
Size

176KB
Sample

240921-jqqfwasarp
MD5

ef5b493d9f0cc3fc77d176514f59ebce
SHA1

159383df978d817fda509c2f6cbb3ce64f70f24c
SHA256

582c7a9d41684c01b503c411ce2edacd1bcf1b298e7c904718a55f3889d28509
SHA512

01d2eea3434725f42fcba2aa4516d3e9b07de5de878ccd37910a58b7c7f65126987a09c7975213462360d8745eb2996b1151ac218b58666926b4de6b62749fdf
SSDEEP

1536:2WU4j6iAxUazRrE8272/S8vZMQKXPRnZoJ3pTJZQb:2WUQ6iAxdxL26xvZiZnSJ3pTJSb

Score

10^/10

guloader discovery downloader

Malware Config

Extracted

Family

guloader

C2

https://drive.google.com/uc?export=download&id=1VVEsy2z-Lqx6Tkbg4tlN6vp80EESLHVt

xor.base64

Targets

- Target
  
  ef5b493d9f0cc3fc77d176514f59ebce_JaffaCakes118
- Size
  
  176KB
- MD5
  
  ef5b493d9f0cc3fc77d176514f59ebce
- SHA1
  
  159383df978d817fda509c2f6cbb3ce64f70f24c
- SHA256
  
  582c7a9d41684c01b503c411ce2edacd1bcf1b298e7c904718a55f3889d28509
- SHA512
  
  01d2eea3434725f42fcba2aa4516d3e9b07de5de878ccd37910a58b7c7f65126987a09c7975213462360d8745eb2996b1151ac218b58666926b4de6b62749fdf
- SSDEEP
  
  1536:2WU4j6iAxUazRrE8272/S8vZMQKXPRnZoJ3pTJZQb:2WUQ6iAxdxL26xvZiZnSJ3pTJSb
Score

10^/10

guloader discovery downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2

guloaderdiscoverydownloader