guloader | 22c12442f9ec85f619409b34efefe91b702d128ac6e0ebb4e27c021de64fd394 | Triage

Sharing

General

Target

JaffaCakes118_22c12442f9ec85f619409b34efefe91b702d128ac6e0ebb4e27c021de64fd394
Size

175KB
Sample

241222-dg1bts1mal
MD5

b6f5664ca3261543c8597f8d430cd931
SHA1

ca8995bbfd2a50a7355a230e4ff5c32ce73d0f18
SHA256

22c12442f9ec85f619409b34efefe91b702d128ac6e0ebb4e27c021de64fd394
SHA512

c6bf98e51f4446f2c7fc4a7d012ea115d9db1c0c31aaa2d6a55366440e5db26215ec3b6903c59b527922e8a4c1f4d34b8b2119afcfd0b737611c470a480e8ffb
SSDEEP

3072:DbBANMG8Fo23Deq4ZqPELvGWpiqML3V2lZwPP1xZb+73fXn7tIk6h:PBANMGkoKSq4ZzL+WUqGV2e9Pb4jtIJ

Score

10^/10

guloader discovery downloader

Malware Config

Targets

- Target
  
  4783eea1eb0d11b98d15039aa6c9e5297ca7d166d3744c61ee09675f593e7300
- Size
  
  246KB
- MD5
  
  8ec815faae06ac952b5f1b173446946c
- SHA1
  
  df6c7646bad782a890558d0e4324ed01ce81da60
- SHA256
  
  4783eea1eb0d11b98d15039aa6c9e5297ca7d166d3744c61ee09675f593e7300
- SHA512
  
  b1f083dc00f485fa2f6acaec22d98d8f547e520638bc9fc0293db90ab263cc7197ed39734f07609ab906375fbc875c82b24e467ea8fac1df09afb554f9a970cc
- SSDEEP
  
  6144:iT4Dt+KsyVTQuVy808j/EP/ZHUr/ic2rsqVAxvOz7:iTKtVTQur084/Q/er1VN
Score

10^/10

guloader discovery downloader
- Guloader family
  guloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  6e55a6e7c3fdbd244042eb15cb1ec739
- SHA1
  
  070ea80e2192abc42f358d47b276990b5fa285a9
- SHA256
  
  acf90ab6f4edc687e94aaf604d05e16e6cfb5e35873783b50c66f307a35c6506
- SHA512
  
  2d504b74da38edc967e3859733a2a9cacd885db82f0ca69bfb66872e882707314c54238344d45945dc98bae85772aceef71a741787922d640627d3c8ae8f1c35
- SSDEEP
  
  192:MenY0qWTlt70IAj/lQ0sEWc/wtYbBH2aDybC7y+XBaIwL:M8+Qlt70Fj/lQRY/9VjjgL
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2

guloaderdiscoverydownloader

behavioral3

behavioral4