guloader | aee64c5a3526dba38aacc288a682e5f645140ee9db1dbe13ab3f0b2e3b4798b8 | Triage

Sharing

General

Target

JaffaCakes118_aee64c5a3526dba38aacc288a682e5f645140ee9db1dbe13ab3f0b2e3b4798b8
Size

544KB
Sample

241229-llrjgsylfr
MD5

4d967121731d63d05b23bee8bc59a98b
SHA1

06620aee28358e11b42331847386332fca4433a6
SHA256

aee64c5a3526dba38aacc288a682e5f645140ee9db1dbe13ab3f0b2e3b4798b8
SHA512

1ba915c762692552eb82c63b646eb595a8ddd501c16cb93f7f0268e6cc72f5b06d6b74b8236e2d50d04ddf9dbdfc12a59056d705b7db4a43ac1bb78d88f7a686
SSDEEP

12288:9WAz6q8Fbg7vskNRGLwaS24zSTFQ2qOsKE5Aj4nKdxpzjYM5cQhb0sqMY:hX8Fs7v7kLwaLcSTFHqhKcAb1zjYbQHE

Score

10^/10

guloader discovery downloader

Malware Config

Targets

- Target
  
  fc5ffcb61eee5d39a9d337576bc8aa4a44715ebf467775fb773f2dbf9dd4d537
- Size
  
  627KB
- MD5
  
  71151a83dd3ba35853e6751ea81ad379
- SHA1
  
  d8ab5070b43bfb9b4c07fe11727f096225100820
- SHA256
  
  fc5ffcb61eee5d39a9d337576bc8aa4a44715ebf467775fb773f2dbf9dd4d537
- SHA512
  
  170e787b73039ea7cfcf5add3e3ef79bbb6b7538e8a6d024b6ea6f3a12076ced8a98142d601563cb81bc335f8e199594e4cd3078057c2ec3de531605030563b4
- SSDEEP
  
  12288:sgYFQSJLOnGKXkmIv9PUdYFNXEUCQ30VYhYi2Br/Gb3:sg0NknGKX09MdY7EUC+0V9dTGz
Score

10^/10

guloader discovery downloader
- Guloader family
  guloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  564bb0373067e1785cba7e4c24aab4bf
- SHA1
  
  7c9416a01d821b10b2eef97b80899d24014d6fc1
- SHA256
  
  7a9ddee34562cd3703f1502b5c70e99cd5bba15de2b6845a3555033d7f6cb2a5
- SHA512
  
  22c61a323cb9293d7ec5c7e7e60674d0e2f7b29d55be25eb3c128ea2cd7440a1400cee17c43896b996278007c0d247f331a9b8964e3a40a0eb1404a9596c4472
- SSDEEP
  
  192:nenY0qWTlt70IAj/lQ0sEWc/wtYbBH2aDybC7y+XBDIwL:n8+Qlt70Fj/lQRY/9VjjfL
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  Arkivenheder/Miljteknikere/Bovenland/NeGACOM.dll
- Size
  
  65KB
- MD5
  
  1cb85138dd2d72a382399384e395f26c
- SHA1
  
  3864cd4fd3fbf117b0423298b8de8eb599f24c1c
- SHA256
  
  7fa76f34ff78b115607a1f2738aa0344cde336fa41b3cfebf8e0f4f54beeb323
- SHA512
  
  80b1ff69636e78528f76205fb728c861dca575f30a1a72e266178acb955ea914244bf809d1ead6b73c1edfd6176d7ef992b97a80546f8404840e4065eab6172b
- SSDEEP
  
  1536:mn4vz7s5yRbChBCOmXJ8ay/DinwRL+c3r/D:mqPICHXeaiDuwRL+ur/D
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  Bestikkende/Opnormerede/Sonaters/ModuleManager.dll
- Size
  
  61KB
- MD5
  
  ef8e0aaaba9c8d37b1ed352c9cddc95d
- SHA1
  
  796c7a09080fdb37b93f07c5ea86ba511920adef
- SHA256
  
  d16cf52531b2d9917fc6082e9b9ac585000f914717252f78304c9c617a0375b2
- SHA512
  
  db2afd901ba4f33b23934968666331d9958d3afe6d5bce6c245af255fd93204b496b49d6413676df038f8da55d666149836a8075013fc3a8d05405aa6af595a2
- SSDEEP
  
  768:E0OTJMcK3Mqrb7+z0i+5Kjx2qNTxuRpee0Hr9sKe8Ll/0oPRyqzOxyiXt/cIRMaf:1OlMcMMCGzj911PzIyiyIRdsOlDvJj
Score

1^/10
behavioral7 behavioral8
- Target
  
  Deuterosy/Guaranties/Rationaliserings/Knivstik/Bass.Net.dll
- Size
  
  668KB
- MD5
  
  acc79e9fb2c1028fc48133fe8a82fd6f
- SHA1
  
  6157f0591757ea9aec2106886717c94c402243a8
- SHA256
  
  3afaf743f848841405d04a001afc973f5492ee8b7bb1393f4a1464d5d89d4f25
- SHA512
  
  2064378d96e618ff16bb5f4c1160fd3929a20d070b539d7df2b7f8b75768b6062b947b7cbc5d223a0cf023a11231cbdd81095d0b28e2928100f440ff2bccf74b
- SSDEEP
  
  12288:vhAilLJOTeBtAnoxmbkq+ll9iBzrBFmVTmrBVv9lRVs:ZAilLJ3AoxdizFmVKrBVv9lR
Score

1^/10
behavioral10 behavioral9
- Target
  
  Spektrografers/Egesborgs/Bruiting78/lang-1048.dll
- Size
  
  178KB
- MD5
  
  ed454af3e245027350087f6e459b6dfa
- SHA1
  
  28801fb98cacfb73099f43c6a46f8348fadb7c5a
- SHA256
  
  ad11bb04b7f294737cd28516dd6db935e1fb58f7be878143aa2702464cf9d679
- SHA512
  
  b8c9e25fce17f5c5a9e29bc9869138328f2e63fdef9ff14df0c9e38103613c8426c9b067fb1c366076f8f8f3ff8c055cfa0202dce999c8221cd0a3365b4f9a59
- SSDEEP
  
  3072:RbZ70ujHrpP788RsSNskqf0xZWHL15eIfAzn58uIB/z9/Ndzob:JZ70wtP788RsSNskqf0xZWR56m7/NRob
Score

1^/10
behavioral11 behavioral12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2

guloaderdiscoverydownloader

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12