guloader | 8e6e83ba1eb2ceb0eddc7e0fd98e1fb775f4809e4acfe8d5e66dadaa806ad2d5 | Triage

Sharing

General

Target

JaffaCakes118_8e6e83ba1eb2ceb0eddc7e0fd98e1fb775f4809e4acfe8d5e66dadaa806ad2d5
Size

343KB
Sample

241227-bwjaraxrby
MD5

1f6289310bb74bb4f8d741b883890795
SHA1

2076ea6fc59c25abf0a4bc7ad3cf537cf9fd6407
SHA256

8e6e83ba1eb2ceb0eddc7e0fd98e1fb775f4809e4acfe8d5e66dadaa806ad2d5
SHA512

6033bf439601b9654085417fbe38ef55e0cc5756e149948999a42f422b05e726be842c1a6ef49110e6816e6b8c3ac955cc35dd22662ed3f3ab46bd45cc3e88bc
SSDEEP

6144:8jbHno5xbUuCRbMYCvBTJu41mBOER6YxRmCEjzPPHEIdpD5bQvUJOmrD+8W31Zd5:ybHj/kBTJd1yjRqXPHECWUJOQD+4dcvX

Score

10^/10

guloader discovery downloader

Malware Config

Targets

- Target
  
  OneDrives.bin
- Size
  
  371KB
- MD5
  
  95dc944bac00498e8ffe6e0521fb9b33
- SHA1
  
  ef457974564d9303e251894a7e818671a9e13a57
- SHA256
  
  4e5410f0eb18a07360e9ebec0997db9f752208d2e54dcc40fc11721071777256
- SHA512
  
  7a98779a9cd601bd902778a6d6730c468cc36f4a192a64e7cb6170dc18f7e955a68ff65b97786da27b1c6849cebe354cf01fb9b6c0ee025d767b85d8626edc85
- SSDEEP
  
  6144:yPXqhjdkLCjBFJu4jmB+EJ6YxRm6E/zPPHEGdpD5XMvUD0mr9C8W3pZdQb4iIW:HrkLKBFJdjCjRYLPHEY2UD0Q9CasY
Score

10^/10

discovery guloader downloader
- Guloader family
  guloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  fccff8cb7a1067e23fd2e2b63971a8e1
- SHA1
  
  30e2a9e137c1223a78a0f7b0bf96a1c361976d91
- SHA256
  
  6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e
- SHA512
  
  f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c
- SSDEEP
  
  192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  Bonvivanters/Genremaleri/Lifeguards/lang-1029.dll
- Size
  
  151KB
- MD5
  
  e8b79d36d244e79da3f9e81ecbee09f7
- SHA1
  
  1c52b875adeb71929333b03ea0c5d7e938d62829
- SHA256
  
  c535998deeef59204b3da131f0ba3cf95005e54d68dc0b67d56c8881cbe900fe
- SHA512
  
  2b05ca4e6af27d2520b2f41ef9c3a8632806d4a53e342ef6be54dbca6b9d4107ece0115c3cc181bbfb184414457b09b34eafe7fbf8a26f4f26b79a2b8d45c228
- SSDEEP
  
  1536:m10bP0fHyAIhbdNNsVKjEXYmQMB1lBULxthN6hTjumy32EScw4majCeKTrkV1:NbslVKwn1wx96hTjjESAmO
Score

1^/10
behavioral5 behavioral6
- Target
  
  Lanthanotus95/Inlayed/Hovedvagts/completion.dll
- Size
  
  102KB
- MD5
  
  4a477c399809389ee929075a8f5c3df5
- SHA1
  
  ae74641e248efad5a294d9e5176a34676240cff7
- SHA256
  
  4a2618e2e03ab9e6e1563d95641b582beec5b1d87e6ba7acfb9cb1d12256706b
- SHA512
  
  0e917469ac397a4b1490a312418a8e9338c4a47b7b23e0bc7681860ae923af1ea0a370322efcf94203adbb5e595325d1ab97cf42ccf9522ba6db48d10f37c9f9
- SSDEEP
  
  768:v9s4rJ2zatJn27vnvFqNFgkq9h2zTfJSfVnl22MQZ5qi5K1U7cqHTgp37CtSxu3v:vNrJ2oJi/GFgz9hehS9nktQqtc2VE
Score

1^/10
behavioral7 behavioral8
- Target
  
  Portliest/Blokadegreb/Baandstoppene/DataCollector.dll
- Size
  
  69KB
- MD5
  
  de2e4d3e9c6bfed8c6f10fb486e72f0b
- SHA1
  
  a8f9f971a04c54a984f48a373d5ec4883da2ab9d
- SHA256
  
  938caaebbe0b590aaae61881be1d0cbc736546e3858ab478f66b0bd119e48961
- SHA512
  
  a586e9946ea18084451f00ff02b469b132b492bcb5c7dc5258bff506957edf149d47a2bdcec36dc99f2311d85f0d2e92b6ac6ec987ba6ce750270deae5228024
- SSDEEP
  
  1536:xS5EN5Bi4qb3ax0rYm/+rXmjWMNDAILC6rdsBNHeqRGcLp:xS5WW4qb3ax0rYm/+rXmjdGYtrdsBNsG
Score

1^/10
behavioral10 behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

guloaderdiscoverydownloader

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10