guloader | 47046d5dfe7ecf45e4c31f25b975af78684f9727b91a7d052b5731e95d2f0a4c | Triage

Sharing

General

Target

2185f799306271f52a13cfe6391ead41_JaffaCakes118
Size

152KB
Sample

241008-pl3hja1ajh
MD5

2185f799306271f52a13cfe6391ead41
SHA1

f0f925827d87f175ea20836e3f1e45a9e9a2a913
SHA256

47046d5dfe7ecf45e4c31f25b975af78684f9727b91a7d052b5731e95d2f0a4c
SHA512

fc9f5ac070af8d4b1612c52efeb998b2eb1c98d8d2d7808c56324979993fbe78e339566771d185c7108ec97b87f10d2821f2f41fd5609fa22f62b301aecc3069
SSDEEP

3072:2xEJpxEqxE2wzjo4i4EH5e2nnMCaKACgQrw9xEAxEKxEJ:UEJ7EAE2HAEZfnnUA6EmEgEJ

Score

10^/10

guloader discovery downloader

Malware Config

Targets

- Target
  
  2185f799306271f52a13cfe6391ead41_JaffaCakes118
- Size
  
  152KB
- MD5
  
  2185f799306271f52a13cfe6391ead41
- SHA1
  
  f0f925827d87f175ea20836e3f1e45a9e9a2a913
- SHA256
  
  47046d5dfe7ecf45e4c31f25b975af78684f9727b91a7d052b5731e95d2f0a4c
- SHA512
  
  fc9f5ac070af8d4b1612c52efeb998b2eb1c98d8d2d7808c56324979993fbe78e339566771d185c7108ec97b87f10d2821f2f41fd5609fa22f62b301aecc3069
- SSDEEP
  
  3072:2xEJpxEqxE2wzjo4i4EH5e2nnMCaKACgQrw9xEAxEKxEJ:UEJ7EAE2HAEZfnnUA6EmEgEJ
Score

10^/10

guloader discovery downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2

guloaderdiscoverydownloader