guloader | fe8d7a1d177aa7b33528584cffcc0d4ec11f9fa8a400dfb802d88748fa7cd35f | Triage

Sharing

General

Target

JaffaCakes118_fe8d7a1d177aa7b33528584cffcc0d4ec11f9fa8a400dfb802d88748fa7cd35f
Size

546KB
Sample

241226-z9xbja1lbv
MD5

0cb9c61261d616a24fb4351962c83914
SHA1

e1c96e51b40af207f5addab53274539793623bf0
SHA256

fe8d7a1d177aa7b33528584cffcc0d4ec11f9fa8a400dfb802d88748fa7cd35f
SHA512

9418981ddcd89302800ab31dd02bfc11ee306b35a68ff45308769d6b5fcfbb7b9e81dd460b6dd062448320aeab54093013d94736a4ab4c4b5eed1041e52f9dc8
SSDEEP

12288:sqQbJqrBYTR8Zjmj9N/+V0axvs0x8SnTyC9I5TnEt:s7qrBmsHT9sA/TJCnEt

Score

10^/10

guloader discovery downloader

Malware Config

Targets

- Target
  
  Solicitud de pedido de Cqmasso..exe
- Size
  
  621KB
- MD5
  
  2636d10dc3c358d668fc7f9ce2dbb212
- SHA1
  
  fe30456bad9886cb588a34c736e5d98b9152cf5b
- SHA256
  
  ba35f1826084c07eea2284b583b829e9e4e48ed6628d3a7736398e08fbc90d48
- SHA512
  
  2fe0212c76709a349b913314d241359c79ea81a22cd16704ba7221b0b05436d8aa752a4af65221f2e1ed3565d8938c32a4673c9732724b8292e47acbb840386c
- SSDEEP
  
  12288:/bZpw4HB9TRGZjRj9N/+VhDxvsMx8SnuyCLIun:/bZpzHL+oV9so/uHb
Score

10^/10

guloader discovery downloader
- Guloader family
  guloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  cff85c549d536f651d4fb8387f1976f2
- SHA1
  
  d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
- SHA256
  
  8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
- SHA512
  
  531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88
- SSDEEP
  
  192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  SOERGESALUT/NEPHROLITHOTOMY/Agrostis7/Coccosteus1/libbz2-1.dll
- Size
  
  96KB
- MD5
  
  fd0b2bd2ae13d41de526b57e435c7fb5
- SHA1
  
  55bb61c011180eaa172a83feefc38d8fe7c5498b
- SHA256
  
  e996e8d18fa41407d80680adb9e416d916f7320e4559485ce3e3e5de811dca1d
- SHA512
  
  d7ebda50787aec915c6e3eab880a01dfc8925166c2cd2c1c70cc8ee505f17117f9e6ae9b1d57048df29bbd8705070618650a09ded64750e422a10e0365afa74e
- SSDEEP
  
  1536:DDrxVw7IsNwmkMdKx711fvsOrTJ7X3OUTT4okcTzn8P8xF3Y:/rxXsNBdKJfUORz9n4cTz8PKF3Y
Score

1^/10
behavioral5 behavioral6
- Target
  
  SOERGESALUT/NEPHROLITHOTOMY/Agrostis7/Coccosteus1/vm3ddevapi64-stats.dll
- Size
  
  283KB
- MD5
  
  b02a49f388eb67324cb730c9a95bb95a
- SHA1
  
  bd50273568a6cf60ef813e795fc5c44c644f4e1f
- SHA256
  
  a122dbf6e788346be9f602fb34008dea9bda31891b288819d479f70e4aa154a7
- SHA512
  
  8ea06f43c0d0c62295e1f752a2e67ce3379a8e700ed4f9ad5a962915296b7316644917f1893c7ff301b3d5519d827e22da92fcfe20e4e06196c96a97dfbda7ac
- SSDEEP
  
  6144:KOrFH5ad1DK4zpFxa2jzen3PSB5OwLdm/rrLwbq:jrFH5+tdFxa2+n/iOTLwbq
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2

guloaderdiscoverydownloader

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8