guloader | a531f76cd54f5f1d0e1628e1524d92f6888ef7fc5be65646b2dc2ba6ddd22251 | Triage

Sharing

General

Target

fbdfc5e3e8b77e82fe7813e6f76f2d26_JaffaCakes118
Size

16KB
Sample

240928-j6edjswann
MD5

fbdfc5e3e8b77e82fe7813e6f76f2d26
SHA1

94f7468f501af024d5192f353f6a7de529450caf
SHA256

a531f76cd54f5f1d0e1628e1524d92f6888ef7fc5be65646b2dc2ba6ddd22251
SHA512

b8fb2e50dc935f715268e3ea3f7fef1dfaa1e6bb081058c841cfae95894d977a986fc4aa66a4e6eda1225aaa5c69ae03c0d4e863f4b904957c1c0b08c10f086d
SSDEEP

384:IdMrDvzLlMTYMxzp4ie8DGW3szzwPYEeV0XFv2/d9:oqD5upFnDVKzwPYrV0Vu/d9

Score

10^/10

guloader discovery downloader

Malware Config

Extracted

Family

guloader

C2

http://castmart.ga/~zadmin/icloud/chs_encrypted_CE5E8CF.bin

xor.base64

Targets

- Target
  
  FedEx - pdf.exe
- Size
  
  44KB
- MD5
  
  aa890fe58f0213d807f5cfe5225ce6f6
- SHA1
  
  e1801b3fef0108f6ed52bc208ced3172f055f554
- SHA256
  
  d903f13829898df4cbc159665a0772cb66b0c78dcbd0edc2bfc2cd3e1c1cbca7
- SHA512
  
  3cecb519b1b7cfac61f82f63feb15b74be4c1495897313203c2fea845f47eccfc13dde89cca7f43fcdaa0a6a661e17fd621f0670e3237969085cfa2b29c05e99
- SSDEEP
  
  384:uliF/weWx/018HKdNgQcTpSHr53y0r/TQSkNsnNjBGZDj5W+nHil7kHQFcCkcKmp:/4eWxw8oZc83y0zKsnx0ipINcxTv/
Score

10^/10

guloader discovery downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2

guloaderdiscoverydownloader