guloader | e498bb95445b785fad79f8b598cb0548cbce05f4833106b5f137c38a3a07751a | Triage

Sharing

General

Target

5888c8f7a1e577dcdef074b9a4692163_JaffaCakes118
Size

148KB
Sample

241018-veze7axglh
MD5

5888c8f7a1e577dcdef074b9a4692163
SHA1

f79e3b22ead819d39992c9fb68d24734ceaf6f10
SHA256

e498bb95445b785fad79f8b598cb0548cbce05f4833106b5f137c38a3a07751a
SHA512

f458da9264801fefaa2b786b9230b9898bcbe42499a5f45b4e83ef09a5354b5eee68f38b394846106d253732b78b6cab0b642e88770c15694ff8fff71cf32b8b
SSDEEP

1536:7E4FVqmDcU0oruIRiMGWtsA9MGNjPj7GZUib9DYIz:ZVSIRiLSsA9MIrOtJv

Score

10^/10

guloader discovery downloader

Malware Config

Targets

- Target
  
  5888c8f7a1e577dcdef074b9a4692163_JaffaCakes118
- Size
  
  148KB
- MD5
  
  5888c8f7a1e577dcdef074b9a4692163
- SHA1
  
  f79e3b22ead819d39992c9fb68d24734ceaf6f10
- SHA256
  
  e498bb95445b785fad79f8b598cb0548cbce05f4833106b5f137c38a3a07751a
- SHA512
  
  f458da9264801fefaa2b786b9230b9898bcbe42499a5f45b4e83ef09a5354b5eee68f38b394846106d253732b78b6cab0b642e88770c15694ff8fff71cf32b8b
- SSDEEP
  
  1536:7E4FVqmDcU0oruIRiMGWtsA9MGNjPj7GZUib9DYIz:ZVSIRiLSsA9MIrOtJv
Score

10^/10

guloader discovery downloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2

guloaderdiscoverydownloader