guloader | 4559d14535f753cae85b66e02e79af92e1bd916180aff0bbbd2a2cb31908a52a | Triage

Sharing

General

Target

19b5cc84d1b9011bfd4ee62b5df44605_JaffaCakes118
Size

180KB
Sample

241006-ztsneazdpb
MD5

19b5cc84d1b9011bfd4ee62b5df44605
SHA1

c4bff98a2f68eedcc8eb047220308c6a640b0b5e
SHA256

4559d14535f753cae85b66e02e79af92e1bd916180aff0bbbd2a2cb31908a52a
SHA512

91d2fa12e029e98029c80854bed1acc27153ed4fc2029bb5784ee62955a56b53c64d0b41ee4f1a2529f496dda834f00804caf65acf68988ea4503e9907c89cd7
SSDEEP

3072:rTi/J486kf1Wczn3qscQ0lwebiYy92PvNPAPSntSMjjir3L:rTixtOsc/ldWYy9KNPtO

Score

10^/10

guloader discovery downloader

Malware Config

Targets

- Target
  
  19b5cc84d1b9011bfd4ee62b5df44605_JaffaCakes118
- Size
  
  180KB
- MD5
  
  19b5cc84d1b9011bfd4ee62b5df44605
- SHA1
  
  c4bff98a2f68eedcc8eb047220308c6a640b0b5e
- SHA256
  
  4559d14535f753cae85b66e02e79af92e1bd916180aff0bbbd2a2cb31908a52a
- SHA512
  
  91d2fa12e029e98029c80854bed1acc27153ed4fc2029bb5784ee62955a56b53c64d0b41ee4f1a2529f496dda834f00804caf65acf68988ea4503e9907c89cd7
- SSDEEP
  
  3072:rTi/J486kf1Wczn3qscQ0lwebiYy92PvNPAPSntSMjjir3L:rTixtOsc/ldWYy9KNPtO
Score

10^/10

guloader discovery downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2

guloaderdiscoverydownloader