guloader | db48dc160b1f48b8939b0d49c5f0bee2a28bc3b340cff62cea8da50424e1afea | Triage

Sharing

General

Target

8a8006fefc0565530f63be48c5e24631_JaffaCakes118
Size

152KB
Sample

241103-j9gcbazdmp
MD5

8a8006fefc0565530f63be48c5e24631
SHA1

cfdacf507d4bf932401642dd7c62d8aae6dc65f3
SHA256

db48dc160b1f48b8939b0d49c5f0bee2a28bc3b340cff62cea8da50424e1afea
SHA512

2d62c365578a329bc995feff1abe473c82675c3c97660e46139859505f088efc0107a2d227d6fd9fb46dc7204c7dacd6e5ebea48751b9953b87e3797f5eea956
SSDEEP

3072:gxEJpxEqxE2wzwcqvJRFwasAe3crw9xEAxEKxEJ:GEJ7EAE2Uqh0+6EmEgEJ

Score

10^/10

guloader discovery downloader

Malware Config

Targets

- Target
  
  8a8006fefc0565530f63be48c5e24631_JaffaCakes118
- Size
  
  152KB
- MD5
  
  8a8006fefc0565530f63be48c5e24631
- SHA1
  
  cfdacf507d4bf932401642dd7c62d8aae6dc65f3
- SHA256
  
  db48dc160b1f48b8939b0d49c5f0bee2a28bc3b340cff62cea8da50424e1afea
- SHA512
  
  2d62c365578a329bc995feff1abe473c82675c3c97660e46139859505f088efc0107a2d227d6fd9fb46dc7204c7dacd6e5ebea48751b9953b87e3797f5eea956
- SSDEEP
  
  3072:gxEJpxEqxE2wzwcqvJRFwasAe3crw9xEAxEKxEJ:GEJ7EAE2Uqh0+6EmEgEJ
Score

10^/10

guloader discovery downloader
- Guloader family
  guloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2

guloaderdiscoverydownloader