guloader | 2e6c8c289deb4e04aa77b08d453e8bb63ece89fa9311b7fdafb3f68ffba79992 | Triage

Sharing

General

Target

JaffaCakes118_2e6c8c289deb4e04aa77b08d453e8bb63ece89fa9311b7fdafb3f68ffba79992
Size

52KB
Sample

241226-w63scsvlam
MD5

c2045587eb9a245362b307c051c19bad
SHA1

3a15af68341d4ff08025a39dad92e67a5fafa687
SHA256

2e6c8c289deb4e04aa77b08d453e8bb63ece89fa9311b7fdafb3f68ffba79992
SHA512

a134351b54a80e81ca2247452913bd1a267e99ca2d5985d263958258851994581a366134c0167bee51680b0c02f04315fe0d8be053684ea3869c4ac767efed76
SSDEEP

768:Uq9SBya4007j7EtSLvbd1su8poO0AUYiKFLorJjICw91oAuUteKW5GQyhS4PCRXn:Uq9mya4087EEJ1aotYiIHCwgevQ6S8C9

Score

10^/10

guloader discovery downloader persistence

Malware Config

Targets

- Target
  
  EFT Payment Advice.bin
- Size
  
  128KB
- MD5
  
  1c4f0c8a3980ddb659d4ad8e91d7618d
- SHA1
  
  056cc5e13f2417bab9252d8119ac2bccfaee40fd
- SHA256
  
  7ff4fa75489bccc3b2530358950665e594636699d68c07eb742cba4e70a7668c
- SHA512
  
  5a55f59808e23ba7ed00f35ac64342d594987464a2a954107c5ecfe0b9c86eb6b58e3c18db95570a6d2c43877f199f986bb0f3a5a0190280b2a02b11019b79b2
- SSDEEP
  
  1536:JtTodMBHMVqPg0V9vCPuEfeuAdCA8KCkS88iFub:3pqkNV1CPuqend38bqs
Score

10^/10

guloader discovery downloader persistence
- Guloader family
  guloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloaderpersistence

behavioral2

guloaderdiscoverydownloaderpersistence