guloader | e5142b32498bf308fe74c79a3c5b308f1eff5319da59a134bd55fcb0644785fe | Triage

Sharing

General

Target

JaffaCakes118_e5142b32498bf308fe74c79a3c5b308f1eff5319da59a134bd55fcb0644785fe
Size

50KB
Sample

241229-gvkp3svlfy
MD5

068d063826f24d0454f5a8aaa995e67d
SHA1

686ee0c1bcedb312d25eef5118f3acc19f627793
SHA256

e5142b32498bf308fe74c79a3c5b308f1eff5319da59a134bd55fcb0644785fe
SHA512

a88f70e0586686366e4f34294fad993b3e6cf2469b71319668d6da13b7e04026c4184c496a0bd7047c7f490c3be07c3029b3882e96628f8f3278cb9ab80ec436
SSDEEP

1536:idNjM0BrzOCfUWFOsLnzMvo9mExubyCW2TuQndc:N0NzOCfUiOsLnzMvWxu+5guz

Score

10^/10

guloader discovery downloader

Malware Config

Targets

- Target
  
  shellcode.exe
- Size
  
  1.0MB
- MD5
  
  09ea8a8f6f4b41e779c728bb9060e21d
- SHA1
  
  1bb85f6634b32ead5eb164bc7bf80aa36299e006
- SHA256
  
  1df4dc12c0118cb36a33456ace897124540bc1d6553554ad7334bee2ae8aa834
- SHA512
  
  6019ceeba9f6ee6dc1ddacf2f12324b71a18172eb975977de01e50c2eca6b6162630395423800c8c222f7b0387cef2be8b896038d2484be187d1e8500079662f
- SSDEEP
  
  1536:vh3LTV30kb217S/Y4rGm/It3Rg7UvDafGRyF6v:vBLTV30717UBGH9RAUvDKeW6v
Score

10^/10

guloader discovery downloader
- Guloader family
  guloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2

guloaderdiscoverydownloader