guloader | f21fc236f99382ba56941352a456882e65c4d99bcb9ce0094a0981920e9dba09 | Triage

Sharing

General

Target

JaffaCakes118_f21fc236f99382ba56941352a456882e65c4d99bcb9ce0094a0981920e9dba09
Size

1.4MB
Sample

241227-cc4m1syner
MD5

38d95a020f777979c1939e0881be2115
SHA1

29b9dcd417dff7ce4693fa60c13bb8778db89f70
SHA256

f21fc236f99382ba56941352a456882e65c4d99bcb9ce0094a0981920e9dba09
SHA512

f4df4c8608abf0fa1c7d293a1d2ea6086c432cb17b18ad5fc45c2045dc7bb9f49677b49cd88e60a58a10a2e3e5d7d18427458058fe4b758c88654d2ff22ebf38
SSDEEP

24576:9KHFVDf5/jH9paD8lqAvd/XnHuUrcEj+qx/blRQXBqbPdh0ZWhdbUkT0b4z4u1O:UHFVDfwxa/XHuqcm94AOWhdbUkT0btmO

Score

10^/10

guloader discovery downloader link pdf

Malware Config

Targets

- Target
  
  Untrimmed.exe
- Size
  
  1.5MB
- MD5
  
  32f2cb3180077e9886042bd21a2892fc
- SHA1
  
  c237fbdf4adde0417aa34f1938436a027b72f2f6
- SHA256
  
  723d80c135349493233609d246043e692e87cf1a9976a06a58837fcf4d4eba04
- SHA512
  
  673c4c86d519d021c6cf027d64af4df5977355e4d74041a1d80ff1862b6fa7b378f012af1a926bb7cc166811eee1879cbb678096d6108ac43ace2ebb2da14455
- SSDEEP
  
  49152:IGIyoUTjnn7HO8mcLr4ZluTjou7sWgB33X:I7yogOcsZefqBnX
Score

10^/10

guloader discovery downloader
- Guloader family
  guloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  7399323923e3946fe9140132ac388132
- SHA1
  
  728257d06c452449b1241769b459f091aabcffc5
- SHA256
  
  5a1c20a3e2e2eb182976977669f2c5d9f3104477e98f74d69d2434e79b92fdc3
- SHA512
  
  d6f28ba761351f374ae007c780be27758aea7b9f998e2a88a542eede459d18700adffe71abcb52b8a8c00695efb7ccc280175b5eeb57ca9a645542edfabb64f1
- SSDEEP
  
  192:eF2HS5ih/7i00dWz9T7PH6lOFcQMI5+Vw+bPFomi7dJWsP:rSUmlw9T7DmnI5+N273FP
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  Devastatingly143/Begyndelsesordene/vmrawdskver.dll
- Size
  
  2KB
- MD5
  
  9d4fb7d49748486615e131f35bd2e99c
- SHA1
  
  974c1b6242ef99ba0a66740d0d427dc41e8727c0
- SHA256
  
  85664c35cde1a9d284d7d306ba00ae1ff3925e3289e12c39c29633f71e7c8706
- SHA512
  
  ce1e60f691a4d086b5b7c3762475f2a803dfa6d453d5e3d767870f030c9bacc9510c16d2f2e2b74bf2aca9ddf7450e4000fe5fd539ee35ef5dd57d7cf3cd96d1
Score

1^/10
behavioral5 behavioral6
- Target
  
  Laursens/Synstetiskes/Laquais/Ttsiddende/ServiceCore.dll
- Size
  
  568KB
- MD5
  
  6c7b373a8a2da882fb2061860e65940f
- SHA1
  
  9fff5ef33e9d49fac7c31b07b7c14e9136dff5a1
- SHA256
  
  02a32317a09b57359c06dc3beae500bdbd6b41c133d24aa475d0c9ef0cc230e8
- SHA512
  
  af4c38b6aabe76b65715145326936cc24be9a0b5bd2f16bfc479080c40291d05f5b944c1e5b30b492c5948d1d0785b9f5c7c0962a22d1c650a6bdd51d724a13e
- SSDEEP
  
  12288:MzM949O48v4oAHlP6EmnVqIOPD2jNTJb3n2WggeJisBqrRXSVeyRbVCxseVNDdiL:MzM9aO48v4oAHlP6EmjOPDIxJb3Op
Score

1^/10
behavioral7 behavioral8
- Target
  
  Laursens/Synstetiskes/Laquais/Ttsiddende/System.Xml.ReaderWriter.dll
- Size
  
  21KB
- MD5
  
  e75480e09a1c76d8a0cb6f980e31c3d5
- SHA1
  
  55054399fbcdc5fd8eaacfd48e95f17bb2fdd5ec
- SHA256
  
  3a5b515bcadbb8d24af113c9ae6ad5c6a8e332175a04f2b3535a479d2ec07636
- SHA512
  
  abb6b73a0d0a82b8c176c9f7a55ec293635f3fcfc1c3d3c388c121fc7c38a27614f1afa9a34b7617595aeadd4408a7c992ab78c2f5d9443875e99cd787c1cdee
- SSDEEP
  
  384:M/125qkxK67ex4FCvu22WBAWqlX/uPHRN79SWF//dJR9ztw:M9KLg90lvM9SWF//dj9zC
Score

1^/10
behavioral10 behavioral9
- Target
  
  Prostatism/Mellemfristet/Aprioriskes/lang-5146.dll
- Size
  
  98KB
- MD5
  
  f1a9129eeb989f1521b8beba83228c04
- SHA1
  
  dd0eb3f87447bb0777ab97be36884fe8595fee4f
- SHA256
  
  a0a0e7265c5713dfa57194b9f9bc9369aa71d0438233bd80302190e27c66febb
- SHA512
  
  a0f0a16af06f72a1fddfda8699835bd78640edaf10f648fd01c9d4b7493f365d0b13f3a566e8dc5e30fc160fa6e6915e49707e8194e2d5d4fd8c3114a3010faa
- SSDEEP
  
  1536:zlcHr3+1BoKqhBAOZ67CB2viwgbevXKrmFqY2MXUfu:uWBNsAOkC+TgbevXKrmFqY2+
Score

1^/10
behavioral11 behavioral12
- Target
  
  Prostatism/Mellemfristet/Aprioriskes/libfreetype-6.dll
- Size
  
  722KB
- MD5
  
  0f0a450e617f355fca577ded02e52ede
- SHA1
  
  aeb92363e754d5ee6db1e634c04eb1efe6e3276b
- SHA256
  
  161e0693ad4fe7e9eb411411ad72697fcb7bb18bf0bcae2d884a52875b0cd2f8
- SHA512
  
  26a05a5b794c56fc2c4b794ce38598f78124b89ae8c815bb0f487ead639b7039fffc5067d2a1e22455fde69be8e70d97663e9c9b1d7a2cd3753f92303717bda2
- SSDEEP
  
  12288:m5h4fIuyHZyxAW+RHDfi7qmkLpRxNRcldaxSqKfEWmjJthNw:m5Gy+mHL6qXLPv0dax3vZjJthNw
Score

1^/10
behavioral13 behavioral14
- Target
  
  Puntlatsh/Chromophobic30/APM_Aiff.dll
- Size
  
  151KB
- MD5
  
  e16708b292cb310904110a5a5bea9899
- SHA1
  
  e96feb4fa67304b415aec25fec81a0fb2f93a681
- SHA256
  
  555a7ef39aa4ea426f3ed3e4016d5301eaeada1f27c37c5ab1ade5cc75c0881e
- SHA512
  
  57a371c362cd7514325f63d92aef46e56366ed06ce5c3c76e2d62ced0459e5c59169c613affee3bc4dce2e0a08711c82c4fb8a2205554ef47456e132c93ede63
- SSDEEP
  
  3072:BnM7WceyVzK7c1YAYx4W36wY+Y83/jq7DuKGf7y+fr2YwrmVbUC1jraq1VhLEFw3:7yI7cSJ1VREFtft+
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  Symbranchia/libgmp-10.dll
- Size
  
  619KB
- MD5
  
  819bc7486589d014d8fb07fa48fda00f
- SHA1
  
  0875f331bc35f31f90c8c6beae587118e3c74e82
- SHA256
  
  09a0f42528f124955dca1ff2905f04e8add2b490cd34d1743c175dddccfeb48a
- SHA512
  
  82ba377e0b991d691508b5f2f96b69932bb6a8c77c9e6c43cab869b8986fa1daaefe703b1725af08c83158bc838560799f426726b58f6d430bc068a5882f91ed
- SSDEEP
  
  6144:VqCGo2jbRSFZxZ3S9fO4yciqIJuYpvTHq7yXE/0vk5bBGslJ6NoUuUPaT1QANbr6:8Rsx8iP0/GkW/uUi6Al6G+Jh3
Score

1^/10
behavioral17 behavioral18
- Target
  
  Udspecificerendes/Kommunekemis/demasculinisation/Blizzard.dll
- Size
  
  22KB
- MD5
  
  141c12d2d2d9617f110794e283192a53
- SHA1
  
  b5acb181250b314f04abf1fd20681b2be37701f0
- SHA256
  
  93324f2db1d28a6d9807e3c62a50bff245801fd52c951662dda6a4475fd1e99f
- SHA512
  
  14115ee5aa7115acab8cee929d5b4a29be993fa239480a6a734ab6aae70949732dd45627ebe0f41bdcae8362d183b2a94b7918ffa03d33571604013f5732b36c
- SSDEEP
  
  384:wA1cx/42KUt/6ltsnVcI/v4pwLuaE0UqkVdWPd2u4jWgjvyXbxfQSDshCR7:zSZF8f+VnwpnV0mId2uMWgjvI1fZQCR
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  Udspecificerendes/Kommunekemis/demasculinisation/Bluetooth Suite help_LV.chm
- Size
  
  45KB
- MD5
  
  f317a63c298b7f31cb0a76ae84095be2
- SHA1
  
  55f8b55ea5bc1c4548b579e261ea0482b4bf92cd
- SHA256
  
  dd081a00d47fdd8c6fb42b506bc3a55b49378dc44024f6b175dfcdada60a0440
- SHA512
  
  d209a9ffd3304fcb1288ffb164e71e0a4e7f4c412b722d2b82e4868135fa012cc8782d0e1730d22890bc01e11797e094c4e83b1950cd63ce6088c542179b4c97
- SSDEEP
  
  768:R5AF7+9nLtI9Ybo2gRqq2x9IYWrE/6H6+MEULCw54YzryKdOFMOU9C:R47+9nhVs2cq3IZri6TILCgJ4FM99C
Score

1^/10
behavioral21 behavioral22
- Target
  
  Udspecificerendes/Kommunekemis/demasculinisation/How-To CFF Extension.pdf
- Size
  
  267KB
- MD5
  
  180313065942d47df7858ade74cee19f
- SHA1
  
  0371b23100df3fd5739585473c3718c4bf85e974
- SHA256
  
  b085d1cdbcb15b6e8e12eb2b8f34d5e900509470bcfd49ab9565663960e2f38a
- SHA512
  
  6764ac65d610b6f7e1f5c622a03752cef606840603285b5c49924f1a3f06c669c43a2d3083f3d823f457554a2205989e3d6b881189e3160a2e1adcbf21dd3996
- SSDEEP
  
  6144:cbNke00sOHmmZx9VDwXJSCCCCCCCCCCCCMo6XHTa6aaFa50cZdD6N9S5uLJXe5n2:cRkNOHm0x9eXJSCCCCCCCCCCCCMTW5ed
Score

3^/10

discovery
behavioral23 behavioral24

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24