guloader | 2b1477f3067516017f5342a31030e8a200870885137802bc8447c009eabfec96 | Triage

Sharing

General

Target

JaffaCakes118_2b1477f3067516017f5342a31030e8a200870885137802bc8447c009eabfec96
Size

153KB
Sample

241229-kgfqraxmgq
MD5

21760c1e72d6a772759dd78fe043031f
SHA1

1b6f6eaca7ad4730156f33616db5ba31e38577e9
SHA256

2b1477f3067516017f5342a31030e8a200870885137802bc8447c009eabfec96
SHA512

5be2674738e74e2d7704d362cfc78629cb1ccf9f63174b6cf69d080eb761158f67c02ca1303b926113dfaf5f2ba472ec7d7ebab8db21f7ce623539e99ad29264
SSDEEP

3072:110HBjqCoYv1nE983C5anljUP47gMiLVT392ysLdYohI:11EMCLtnE9MUalQPdMsb9LsLCoe

Score

10^/10

guloader discovery downloader

Malware Config

Targets

- Target
  
  receipt_001546037_pdf.exe
- Size
  
  170KB
- MD5
  
  d5aa2c1bde54eed4dea0a726f53ece83
- SHA1
  
  f65cbee27265f644d9689616ac6bcfec57bbb9d1
- SHA256
  
  18f08ae0c963df4cdb63a1f5c9f772bacc4c55b10cb64aed51963071999961a3
- SHA512
  
  393cb8b044d177ebd3b8bfc1999268265c4593cd3559118860154298b988ab4a25b9e39a0624314ba1933a15602bb5dc3817913d8b30fe388a4a3d482acc7ade
- SSDEEP
  
  3072:5/c/d6j3AaTzfYbX/8pFDu8EYPLMqM9VO7jdKexAnZTJKjwThQFMFF7tsnm2kZfd:5/c/43A4SvktHLq9VYFxAnZuwO2FFOd6
Score

10^/10

guloader discovery downloader
- Guloader family
  guloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  637e1fa13012a78922b6e98efc0b12e2
- SHA1
  
  8012d44e42cd6d813ea63d5ccbf190fe72e3c778
- SHA256
  
  703e17d30a91775f8ddc2648b537fc846fad6415589a503a4529c36f60a17439
- SHA512
  
  932ed6a52e89c4fa587a7c0c3903d69cf89a32dbd46ed8dcb251abb6c15192d92b1f624c31f0e4bd3e9bf95fc1a55fdb7cee9dd668e1b4f22ddb95786c063e96
- SSDEEP
  
  192:U4A1YOTDExj7EFrYCT4E8y3hoSdtTgwF43E7QbGPXI9uIc6gn9Mw:UYR7SrtTv53tdtTgwF4SQbGPX36g9Mw
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  Presbyope/HEX32.DLL
- Size
  
  15KB
- MD5
  
  909c45dd8bf19cea3792935a768cd16e
- SHA1
  
  456bdc3dcff07a379d672c7ec5ab6a5b7fbc481e
- SHA256
  
  da49d6bee8888263abfbd410699cb675bd6d9c29e4a305d3117d54e7ae321462
- SHA512
  
  2afe40e6d6092e88390b9db4fe73dfa3daba5cf5db15ef591cea2109ad3fbc583e0b9068cde8bc50e6a74352f0f9e3c4a194f1e88cb0cd299c469969788e8c83
- SSDEEP
  
  192:qBzaW+zA43yz2jQ3SUUnxNkXXl4Pgm7dL6b5VoDa:qda1zGkT2d6L6F+m
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  libgspell-1-2.dll
- Size
  
  141KB
- MD5
  
  6674a176fd49a2f14123798d86700d8f
- SHA1
  
  eb4739e0c2865323a6abb686df64f091b0d1007a
- SHA256
  
  058a5f8732ad8099abd8d0967399c7e395af98d21cdbbe4379bf6dd31837d987
- SHA512
  
  0cabc5e253f505b48831e3f53a31ca5d8095175c46a25fc4c11b52b430457dd2fa4c2cf88ba71cde6421514956236c5e3805a9b22661991f5b2d2dc876875153
- SSDEEP
  
  1536:FR09tdo3RxkVROWSCm4l0DXJRMuCCneZES1i6UFJJiC578ZEp:D0b2TkVROcm4URmCneVscCFp
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8