guloader | ba69b44766436aa5dbd83711b7fbdeb2c5c3faf8350f99626dc4460222c94f36 | Triage

Sharing

General

Target

fb22a399994f0ffa43ddc8228d4bd5f7_JaffaCakes118
Size

96KB
Sample

240927-3zd9raydqf
MD5

fb22a399994f0ffa43ddc8228d4bd5f7
SHA1

391503a47e20ab4eeb9427638ddcd9fcb46be341
SHA256

ba69b44766436aa5dbd83711b7fbdeb2c5c3faf8350f99626dc4460222c94f36
SHA512

9dd74784866080656050310076628620175107228fcb058118e0332fd7a4e94c38d87bdd7a9f82dcc3e559faeee1dea7ad1f478a915b5bd84f8a8e029a9493bd
SSDEEP

768:veZZKvtZ0SvvaJSOSwPxJQkCTqER8EoK9k+pr1wUftpq:mZZKv3UOeJQkCeERkK9kH

Score

10^/10

guloader discovery downloader

Malware Config

Extracted

Family

guloader

C2

https://tucompraperfecta.com/bin_encrypted_F8CB27F.bin

xor.base64

Targets

- Target
  
  fb22a399994f0ffa43ddc8228d4bd5f7_JaffaCakes118
- Size
  
  96KB
- MD5
  
  fb22a399994f0ffa43ddc8228d4bd5f7
- SHA1
  
  391503a47e20ab4eeb9427638ddcd9fcb46be341
- SHA256
  
  ba69b44766436aa5dbd83711b7fbdeb2c5c3faf8350f99626dc4460222c94f36
- SHA512
  
  9dd74784866080656050310076628620175107228fcb058118e0332fd7a4e94c38d87bdd7a9f82dcc3e559faeee1dea7ad1f478a915b5bd84f8a8e029a9493bd
- SSDEEP
  
  768:veZZKvtZ0SvvaJSOSwPxJQkCTqER8EoK9k+pr1wUftpq:mZZKv3UOeJQkCeERkK9kH
Score

10^/10

guloader discovery downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2

guloaderdiscoverydownloader