guloader | 0057f1e5f1f1292ed86d7a43b8fee37d1ce4c02a0023d61cb9b8b1cfa122b9f4 | Triage

Sharing

General

Target

1b1e9ab2407d7e425c38532550eb5471_JaffaCakes118
Size

180KB
Sample

241007-dh7gja1glr
MD5

1b1e9ab2407d7e425c38532550eb5471
SHA1

95cef3f8bc734a608bcffd17cd74aa5596e7e92f
SHA256

0057f1e5f1f1292ed86d7a43b8fee37d1ce4c02a0023d61cb9b8b1cfa122b9f4
SHA512

6953cc91f1d200357704d4a02af203dcb8626af4a06f6cfd770584438bb2e82f92edc231195060cb8cd389f9980ea2247daec8742b7f76a6987714b94d5ee836
SSDEEP

3072:bT+6q3h21hWcznm2HQ9Qv3wPR2nrCRjjA69NZ:bT1tCoQuqsQJ

Score

10^/10

guloader discovery downloader

Malware Config

Targets

- Target
  
  1b1e9ab2407d7e425c38532550eb5471_JaffaCakes118
- Size
  
  180KB
- MD5
  
  1b1e9ab2407d7e425c38532550eb5471
- SHA1
  
  95cef3f8bc734a608bcffd17cd74aa5596e7e92f
- SHA256
  
  0057f1e5f1f1292ed86d7a43b8fee37d1ce4c02a0023d61cb9b8b1cfa122b9f4
- SHA512
  
  6953cc91f1d200357704d4a02af203dcb8626af4a06f6cfd770584438bb2e82f92edc231195060cb8cd389f9980ea2247daec8742b7f76a6987714b94d5ee836
- SSDEEP
  
  3072:bT+6q3h21hWcznm2HQ9Qv3wPR2nrCRjjA69NZ:bT1tCoQuqsQJ
Score

10^/10

guloader discovery downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2

guloaderdiscoverydownloader