guloader | 6f476c63a6d699d1f0166313deb1e0f623c689882de8411bcd4f0b4f880526dd | Triage

Sharing

General

Target

f6cb0491f71c8470bf6012a36a7fb4ef_JaffaCakes118
Size

120KB
Sample

240925-y5yhcswbrl
MD5

f6cb0491f71c8470bf6012a36a7fb4ef
SHA1

ecb9b1f54d73a0ae7d312cf5e51714a871d0ddde
SHA256

6f476c63a6d699d1f0166313deb1e0f623c689882de8411bcd4f0b4f880526dd
SHA512

6633debd6ff2987231d8aa5c9e74c68636ec653c7423e5aaf5376724a6858981abac47780731c9c69375226d7b970545b43522757ba31f127fad16dfca1a54b4
SSDEEP

1536:qMPWczFRB6REkV4Y1M7wrZzj5hsRUe9CdmGKtWWcHvZx0FpSvZpD7o4VOSD:xWcznaEG4YuIZfIUeomGDhHR2ncIS

Score

10^/10

guloader discovery downloader

Malware Config

Targets

- Target
  
  f6cb0491f71c8470bf6012a36a7fb4ef_JaffaCakes118
- Size
  
  120KB
- MD5
  
  f6cb0491f71c8470bf6012a36a7fb4ef
- SHA1
  
  ecb9b1f54d73a0ae7d312cf5e51714a871d0ddde
- SHA256
  
  6f476c63a6d699d1f0166313deb1e0f623c689882de8411bcd4f0b4f880526dd
- SHA512
  
  6633debd6ff2987231d8aa5c9e74c68636ec653c7423e5aaf5376724a6858981abac47780731c9c69375226d7b970545b43522757ba31f127fad16dfca1a54b4
- SSDEEP
  
  1536:qMPWczFRB6REkV4Y1M7wrZzj5hsRUe9CdmGKtWWcHvZx0FpSvZpD7o4VOSD:xWcznaEG4YuIZfIUeomGDhHR2ncIS
Score

10^/10

guloader discovery downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2

guloaderdiscoverydownloader