guloader | dfcf14a0653a6b274948af6f9956eed918987c730e235d260f069d73e4481f25

General

Target

2e24786e3a50dddc9e8044942ed76557.bin
Size

677KB
Sample

241114-bg4m5ssdke
MD5

159acbf22b95c17e6548a007f26fb387
SHA1

eaf520ec1eef2ba05bdd924e8bbc00c4687f3465
SHA256

dfcf14a0653a6b274948af6f9956eed918987c730e235d260f069d73e4481f25
SHA512

974d2487e6768d6951cedea639d6aec3a906b652b294360a2899211d57424ff0d12913ee7d642ea6a40b0001e24285a96067e0a87d7aa602ef5ea302a43f4f0e
SSDEEP

12288:DM7lObGKaMSQThCEDPbiSLHmvcSxxypgjmAAjqDoXgBK1TV4rWl:oAbGDCThbbzLmxhilQK1TV4rWl

Score

10^/10

Malware Config

Targets

- Target
  
  ccacb1863cfc340af0f45f145ac924ac57907cfadb199f8ba84c6429c43bba28.exe
- Size
  
  738KB
- MD5
  
  2e24786e3a50dddc9e8044942ed76557
- SHA1
  
  fd17c905199eaa0933fb9b78b45ca0c4e87c787c
- SHA256
  
  ccacb1863cfc340af0f45f145ac924ac57907cfadb199f8ba84c6429c43bba28
- SHA512
  
  029375abc32bfd0495334a893682a31ccfeb2251b0d5c64f99cd2b6e6ce96eb10359fbf00b598279f6d5b896ee75da0f3a092f9de610be9b9c33ee23a4a040b3
- SSDEEP
  
  12288:oyoqBI5daGf9SVr5Y91FmGe1C1scoGcZhAkFN2ZTyWy0ctqhm2V76:oyocI7aGf9mgjmPSsccAgN2ZT1HI2V76
Score

10^/10

discovery execution guloader downloader persistence
- Guloader family
  guloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Adds Run key to start application
  persistence
- Blocklisted process makes network request
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  Jumblement.Kar
- Size
  
  50KB
- MD5
  
  5f22e57b55aa6e31d0606fa12e0ee584
- SHA1
  
  e83cf829d2d46ce8a16f117a437a32ad63c1173d
- SHA256
  
  0fd8188279b05a111878389f3fe41f48f28d27249560005ae6977b0e8fb137b2
- SHA512
  
  7c9ed6698e7e593597c92169c5ea97447b786439c09f33e26877852fae74dbdd8082c463baa3f5fefea9b3bb05014999389ec8f306e055ed5c99338fe0335900
- SSDEEP
  
  1536:FfJI40kmkpIZNOVdVbTdiU0J/qK2ROiuBhJ9L:FfJ6lkqNYs3eO//
Score

8^/10

execution persistence
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral3 behavioral4