guloader | eed3c571b2769d58f5a7543cba5c805acae2403bc5fdaedb171701a430a36fed | Triage

Sharing

General

Target

fb13adf0c54943795f49d6faaab03896_JaffaCakes118
Size

60KB
Sample

240927-27rpdaxbmc
MD5

fb13adf0c54943795f49d6faaab03896
SHA1

f4ddf0dfd479337a4e9bfaf192c1842cc07f437a
SHA256

eed3c571b2769d58f5a7543cba5c805acae2403bc5fdaedb171701a430a36fed
SHA512

107b9c67df19dc883802f93f885469d6c3166921bacd37588e96291527315e1af5aaa2e60985f4b61b49eeddafefae325688237e03d9ddde4ebf1d746833d3de
SSDEEP

768:cYBnWfcQvkQ3GsspHrSw2N7JnCXpkGfaN5qSgmpPWLNl2BD98qI9bV:c30Qvr3GsG+wYZCXGGfaSxLyoqgV

Score

10^/10

guloader discovery downloader guloader persistence

Malware Config

Extracted

Family

guloader

C2

https://drive.google.com/uc?export=download&id=1qkBF7CJtNtikeSamnaw_QoVf18a1vB30

xor.base64

Targets

- Target
  
  fb13adf0c54943795f49d6faaab03896_JaffaCakes118
- Size
  
  60KB
- MD5
  
  fb13adf0c54943795f49d6faaab03896
- SHA1
  
  f4ddf0dfd479337a4e9bfaf192c1842cc07f437a
- SHA256
  
  eed3c571b2769d58f5a7543cba5c805acae2403bc5fdaedb171701a430a36fed
- SHA512
  
  107b9c67df19dc883802f93f885469d6c3166921bacd37588e96291527315e1af5aaa2e60985f4b61b49eeddafefae325688237e03d9ddde4ebf1d746833d3de
- SSDEEP
  
  768:cYBnWfcQvkQ3GsspHrSw2N7JnCXpkGfaN5qSgmpPWLNl2BD98qI9bV:c30Qvr3GsG+wYZCXGGfaSxLyoqgV
Score

10^/10

guloader discovery downloader guloader persistence
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Guloader payload
  guloader
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloaderguloaderpersistence

behavioral2

guloaderdiscoverydownloaderguloaderpersistence