guloader | 4f0b841c0625f3b5d2ca401e8c10149bbd42e0fb3c1a9da22ed75704258a3282 | Triage

Sharing

General

Target

1ff5c6f01fda5b5abac657c44da7ccda_JaffaCakes118
Size

180KB
Sample

241008-gpzbaasdlp
MD5

1ff5c6f01fda5b5abac657c44da7ccda
SHA1

f09db111607f52a9e555f94949002101cef5c820
SHA256

4f0b841c0625f3b5d2ca401e8c10149bbd42e0fb3c1a9da22ed75704258a3282
SHA512

553a3747d0889424e8c5e4d66514bd091a38b7f73834406bf4f2189d9d50458f5d3306b6be8a5c39803a8f6c45bc430b9b6eecc1233c4b110dca0d408a8889f8
SSDEEP

3072:cT5426q3h21svWcznVwfyR8k+DQAYCdOVgHdd2n315jQIoPUaT:cTagvtBwKR81YoMgKDu

Score

10^/10

guloader discovery downloader

Malware Config

Targets

- Target
  
  1ff5c6f01fda5b5abac657c44da7ccda_JaffaCakes118
- Size
  
  180KB
- MD5
  
  1ff5c6f01fda5b5abac657c44da7ccda
- SHA1
  
  f09db111607f52a9e555f94949002101cef5c820
- SHA256
  
  4f0b841c0625f3b5d2ca401e8c10149bbd42e0fb3c1a9da22ed75704258a3282
- SHA512
  
  553a3747d0889424e8c5e4d66514bd091a38b7f73834406bf4f2189d9d50458f5d3306b6be8a5c39803a8f6c45bc430b9b6eecc1233c4b110dca0d408a8889f8
- SSDEEP
  
  3072:cT5426q3h21svWcznVwfyR8k+DQAYCdOVgHdd2n315jQIoPUaT:cTagvtBwKR81YoMgKDu
Score

10^/10

guloader discovery downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2

guloaderdiscoverydownloader