guloader | ca4de6db62d461d570dc13bd7501e75f78a9af1450b393eaecf5d60b7bec1132 | Triage

Sharing

General

Target

f2fa7b4d67d062eeb5d00df8795d6d77_JaffaCakes118
Size

48KB
Sample

240923-ya3tlasdpb
MD5

f2fa7b4d67d062eeb5d00df8795d6d77
SHA1

7ad036612da619827f920e6967ed3c9ea0aff7b6
SHA256

ca4de6db62d461d570dc13bd7501e75f78a9af1450b393eaecf5d60b7bec1132
SHA512

36407977104dec0192d5c2bc9d869be286284ae43788d94485bb6b2f035d2969ee22af31fd08a5db38b3798f3a0b52861d7bccc4482d6a6727a491133f6a9a72
SSDEEP

384:h/HuK2BXodAy8X3cvMhGcKyG0PJNedLgefKhXvifLp9+Qam3k9dzYai35f:9HuK2BYdATMvMMByGuJcHUifgmS45

Score

10^/10

guloader discovery downloader

Malware Config

Extracted

Family

guloader

C2

http://ghettohub.co.za/bin_TtPVWBIHZ217.bin

xor.base64

Targets

- Target
  
  f2fa7b4d67d062eeb5d00df8795d6d77_JaffaCakes118
- Size
  
  48KB
- MD5
  
  f2fa7b4d67d062eeb5d00df8795d6d77
- SHA1
  
  7ad036612da619827f920e6967ed3c9ea0aff7b6
- SHA256
  
  ca4de6db62d461d570dc13bd7501e75f78a9af1450b393eaecf5d60b7bec1132
- SHA512
  
  36407977104dec0192d5c2bc9d869be286284ae43788d94485bb6b2f035d2969ee22af31fd08a5db38b3798f3a0b52861d7bccc4482d6a6727a491133f6a9a72
- SSDEEP
  
  384:h/HuK2BXodAy8X3cvMhGcKyG0PJNedLgefKhXvifLp9+Qam3k9dzYai35f:9HuK2BYdATMvMMByGuJcHUifgmS45
Score

10^/10

guloader discovery downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2

guloaderdiscoverydownloader