guloader | e31e9d6d56e1c173a86184d028b3fd16ccc9984be27efa321bf2106bdffc2e92 | Triage

Sharing

General

Target

JaffaCakes118_e31e9d6d56e1c173a86184d028b3fd16ccc9984be27efa321bf2106bdffc2e92
Size

247KB
Sample

241226-ydbvaawpcz
MD5

6e5506caf9e3a13567a435f44328ba6e
SHA1

c6ccb28d65108bbd0913b8dfc30ae1ed0b8d6e74
SHA256

e31e9d6d56e1c173a86184d028b3fd16ccc9984be27efa321bf2106bdffc2e92
SHA512

9a71a688af0a1381b872487ad32a7e1cc48748c156d29f552e9c35f8d2c2b88a3579661d312ba34f39f8dd3dceb6d3f37ef5470a18736f2a897867d7346729f8
SSDEEP

6144:TBNtVUs+SxmBoSiO1QE14DdG6WYHBnTcyrUiSzqROav2pjPpn5Jz:T/tV2S8oKmG4JhvHCaoenu5hn5F

Score

10^/10

guloader discovery downloader

Malware Config

Targets

- Target
  
  Justificante de Transferencia.exe
- Size
  
  276KB
- MD5
  
  d9d7ed1ebbeb8032c492788c827b5575
- SHA1
  
  50ede747462811dcd8a6a1c7d90badce6821f4c6
- SHA256
  
  dbab95bfe56a7e0a0425eb323f49f545f236168494f79e440279470d0af5652f
- SHA512
  
  e11c47554f83674a63d1c41928914ceda1c728c635241a3556e2fdd745d42d245bc4c029068abf9e2d42e9d43cd0c58dd208533c3a914b2a8dc7bd702d154314
- SSDEEP
  
  6144:91ssj6pU6jKfwAf17mUFEuwMMMMMMMMMMMMMMMMMMYMMMMMMMMMMMMMMMMMMUo+9:4sW/2wAf17FGMMMMMMMMMMMMMMMMMMYi
Score

10^/10

guloader discovery downloader
- Guloader family
  guloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  792b6f86e296d3904285b2bf67ccd7e0
- SHA1
  
  966b16f84697552747e0ddd19a4ba8ab5083af31
- SHA256
  
  c7a20bcaa0197aedddc8e4797bbb33fdf70d980f5e83c203d148121c2106d917
- SHA512
  
  97edc3410b88ca31abc0af0324258d2b59127047810947d0fb5e7e12957db34d206ffd70a0456add3a26b0546643ff0234124b08423c2c9ffe9bdec6eb210f2c
- SSDEEP
  
  192:rFiQJ771Jt17C8F1A5xjGNNvgFOiLb7lrT/L93:X71Jt48F2eNvgFF/L
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  kameraetuiets/UNDERLEGENHEDEN/Skelstning6/Tempelherres3/btvstack.exe.mui
- Size
  
  1KB
- MD5
  
  5343c1a8b203c162a3bf3870d9f50fd4
- SHA1
  
  04b5b886c20d88b57eea6d8ff882624a4ac1e51d
- SHA256
  
  dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f
- SHA512
  
  e0f50acb6061744e825a4051765cebf23e8c489b55b190739409d8a79bb08dac8f919247a4e5f65a015ea9c57d326bbef7ea045163915129e01f316c4958d949
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  kameraetuiets/UNDERLEGENHEDEN/Skelstning6/Tempelherres3/lang-1063.dll
- Size
  
  160KB
- MD5
  
  ffff8f07df970029d3a98bc5ef049c7f
- SHA1
  
  c388b985ad0433345c160d8f81c3dc7dedf3f1a8
- SHA256
  
  d08789467b6dfff1f8bf91674029a973a427ef10d7273dfd9f7f481d07301aff
- SHA512
  
  fb8c3b95306c62b6c566da1158630258595cd68f0e24420f68d63992679bc96040f9f035ccf944d31f883fd68166984dceef19b43822630de0222c0d037c14a9
- SSDEEP
  
  3072:IQaFxIiF7wHKd4OFkhEXSKybY4AwlCTWgVEhm5f6UsAJ2QE0kfZytVEaLpmluffi:IW1WLlo
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2

guloaderdiscoverydownloader

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8