guloader | bf97fc4685ac1afb19e0a6815277622a90b4e3852cd29709f6fd619e4e3eafd1 | Triage

Sharing

General

Target

24571a6437f3cbe7f8cea573aef6e9d6_JaffaCakes118
Size

44KB
Sample

241008-ybgmraybnn
MD5

24571a6437f3cbe7f8cea573aef6e9d6
SHA1

38669067f5df9d7c4decc16b5620ea1fa97694cf
SHA256

bf97fc4685ac1afb19e0a6815277622a90b4e3852cd29709f6fd619e4e3eafd1
SHA512

ef6ec2fc39a6b295848e4598352ffba0e3d24f2b3deeb5ce72ae28d1422b86589657fbbdcb538f23487ae013717ac12950b1d10d1700d9c7c0f19c777d3c0e1e
SSDEEP

768:t+UMDR+fWdeZ6bbo2H2NKRdW0swFc0P8dVr/:t+Uk+gPHJRdW0swbPEr/

Score

10^/10

guloader discovery downloader guloader persistence

Malware Config

Extracted

Family

guloader

C2

https://drive.google.com/uc?export=download&id=1mK8LhnBsKo-Zn7Qnqp0FQO7GNxXp7Bq0

xor.base64

Targets

- Target
  
  24571a6437f3cbe7f8cea573aef6e9d6_JaffaCakes118
- Size
  
  44KB
- MD5
  
  24571a6437f3cbe7f8cea573aef6e9d6
- SHA1
  
  38669067f5df9d7c4decc16b5620ea1fa97694cf
- SHA256
  
  bf97fc4685ac1afb19e0a6815277622a90b4e3852cd29709f6fd619e4e3eafd1
- SHA512
  
  ef6ec2fc39a6b295848e4598352ffba0e3d24f2b3deeb5ce72ae28d1422b86589657fbbdcb538f23487ae013717ac12950b1d10d1700d9c7c0f19c777d3c0e1e
- SSDEEP
  
  768:t+UMDR+fWdeZ6bbo2H2NKRdW0swFc0P8dVr/:t+Uk+gPHJRdW0swbPEr/
Score

10^/10

guloader discovery downloader guloader persistence
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Guloader payload
  guloader
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloaderguloaderpersistence

behavioral2

guloaderdiscoverydownloaderguloaderpersistence