guloader | e3471dc1dda5a8259a85c90f5a66c60fb1f3b4e5b45cb3f3f49a43d97888fef9 | Triage

Sharing

General

Target

JaffaCakes118_e3471dc1dda5a8259a85c90f5a66c60fb1f3b4e5b45cb3f3f49a43d97888fef9
Size

319KB
Sample

241222-j3pp4s1kem
MD5

5b14f7e5a7da701c270eb40e66c98b11
SHA1

13fbafc04f35ede1deda6daec4c9f32bbf2d11da
SHA256

e3471dc1dda5a8259a85c90f5a66c60fb1f3b4e5b45cb3f3f49a43d97888fef9
SHA512

61b3f03a4d1268e7d4263ba6b8a281a4e7056b281ce4be878b477e65a0f410bbc3d7836ef37fb749135c91816b882b8fb328ae6994e59a9dbfb7a99897db0e1e
SSDEEP

6144:LDJW3ndf/h5SjwVSSzobWFElqauUOXaMBykPVisTHtpL01JP0TRaE3dsJa:BW3n5hrgoBcktikbLCJP4sJa

Score

10^/10

guloader discovery downloader

Malware Config

Targets

- Target
  
  Pepsico LLC RFQ Information.exe
- Size
  
  476KB
- MD5
  
  03488a1b8a6a8c42d18a63a68ca789d7
- SHA1
  
  2b46352078bd5de68e50cd16b7923f546e046602
- SHA256
  
  670532cd42859deefb166e5ed29997e67f1f9902a561d016fadf4c82f2f8f752
- SHA512
  
  762eecfd0a27242a339a052b75401c0fd190e1e54d244c26bd4fc9ec1e84237feb9f3d8d63f72761efefd80e704ac6a9e7c2d946006dbb9d8325fd63e02b938a
- SSDEEP
  
  12288:yY9BpM9pWRYjv8ympaWrzro1APuJhPlmeB:yxozM/jB
Score

10^/10

guloader discovery downloader
- Guloader family
  guloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  75ed96254fbf894e42058062b4b4f0d1
- SHA1
  
  996503f1383b49021eb3427bc28d13b5bbd11977
- SHA256
  
  a632d74332b3f08f834c732a103dafeb09a540823a2217ca7f49159755e8f1d7
- SHA512
  
  58174896db81d481947b8745dafe3a02c150f3938bb4543256e8cce1145154e016d481df9fe68dac6d48407c62cbe20753320ebd5fe5e84806d07ce78e0eb0c4
- SSDEEP
  
  192:X24sihno0bW+l97H4GB7QDs91kMtwtobTr4u+QHbazMNHT7dmNIEr:m8vJl97JeoxtN/r3z7YV
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  Festucine/Blamer33/Othellokages/AutoConnectHelper.exe
- Size
  
  36KB
- MD5
  
  1ad4fbd790d3c474055c2559a634f9b5
- SHA1
  
  424d92d08d9ea5db311ec0b5ed3522ec691e6584
- SHA256
  
  4107a546e3a7206091d15b368df14236099b38356bcd834680cd5f7931621aa8
- SHA512
  
  a4870f4039e97dbda21b5c12c421c91947965a22c0c88217ce9ca24f1b8a68b4fe21193676a64d188e20afd38d14f019462ec01d050a5274e43944e5ad094c0a
- SSDEEP
  
  768:ToPOLj8Ylx5VlMHrRQ39jBDDZ4Syh/+ucccOAhJ:P7lXMNS9jZVu/+ucI4
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  Sollar/System.Runtime.Extensions.dll
- Size
  
  16KB
- MD5
  
  b879c937737592612dea79f330ea70b4
- SHA1
  
  59b3fb0be047b48cf6f8177f19298f6ad850b390
- SHA256
  
  1b9b3244ef33adc14a6b2af0c58489df0238cf1ccf6649e7648845d8af51ed0e
- SHA512
  
  5a02e3d80c10a4dd7babdbbdbc1ff11e6c87538c25e14d320445692fda1c8600e6b278413d17594c7ef9b4399a30a566255ea18a613995bdffc88289d81d66cd
- SSDEEP
  
  384:z58KUByGe9xCEW62XWXNWqla/uPHRN7493LlqR:dpUByGeo0ZluMf
Score

1^/10
behavioral7 behavioral8
- Target
  
  Sollar/liboscar.dll
- Size
  
  308KB
- MD5
  
  c3478f9eef7cfabc6be55633be2ef30f
- SHA1
  
  6f4002bc71746290fb6a38bd38c205f22bd29bed
- SHA256
  
  71a27640a2b3ffa84c8d90c3621c9638c290d179ba996a004c13b4fa2f11067f
- SHA512
  
  24eea221f172119739f004079a65e8bca400b40f80e0e428ea7880614184aa806e3b979102cb3ece225232f8aec4948da80ac7157994c12d331e040897e1e87c
- SSDEEP
  
  6144:6cXM/De4unKXv4iqhUc/EfyCarKR6pNMx53dekMyap:6cXKDe2XLgEfSrwt/ap
Score

3^/10

discovery
behavioral10 behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2

guloaderdiscoverydownloader

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10