guloader | c6fc27b7f1eddba996aae782de62c487de64cd1f628e9fa4e72fc3c7cf4cd9bb | Triage

Sharing

General

Target

JaffaCakes118_c6fc27b7f1eddba996aae782de62c487de64cd1f628e9fa4e72fc3c7cf4cd9bb
Size

264KB
Sample

241230-xrg3sawrax
MD5

68793cbbea900d0a5b9ba4670b10f29e
SHA1

44df524281bb5e71597872f89272e2ac6fbf4da2
SHA256

c6fc27b7f1eddba996aae782de62c487de64cd1f628e9fa4e72fc3c7cf4cd9bb
SHA512

e6fffdea06f07f498c981be940c8f78f3576927f2a893363c284025c30ca8900aecdf9996264b2b6819545d8c91582dca103a23cfd58df9d2f577bb84d3322ec
SSDEEP

6144:o4QtY1VxLcZt5HDMDHVCHqe0jWCdyJGGn3THa3hoeyT:o4QtY1Pc701wqhjKG4TShyT

Score

10^/10

guloader discovery downloader

Malware Config

Targets

- Target
  
  New Inquiry/New Inquiry.exe
- Size
  
  296KB
- MD5
  
  4c77e8e1f6e34cd556d3371978ae2171
- SHA1
  
  0ad73e86f57e6b6936b65bf095c597f593b7fc39
- SHA256
  
  894159a80304d12d54e28bc4ad52eae517bd2aaededba933fd27f1c46cfb4598
- SHA512
  
  30942ec29491ca6ffbc50071454386e292c753918741d0dc519f93bb8832c28128d4b04b989ed119cd99b06d0db5cabc7532db9262cdb2a9a714e127395ff727
- SSDEEP
  
  6144:M6bAcJ3iiPiaIj0hkkYYuwpqgCRlif7zZdy5ad2R3thc91Hd:DjIj0hkk8iZdyZe1Hd
Score

10^/10

guloader discovery downloader
- Guloader family
  guloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  8b3830b9dbf87f84ddd3b26645fed3a0
- SHA1
  
  223bef1f19e644a610a0877d01eadc9e28299509
- SHA256
  
  f004c568d305cd95edbd704166fcd2849d395b595dff814bcc2012693527ac37
- SHA512
  
  d13cfd98db5ca8dc9c15723eee0e7454975078a776bce26247228be4603a0217e166058ebadc68090afe988862b7514cb8cb84de13b3de35737412a6f0a8ac03
- SSDEEP
  
  192:ex24sihno00Wfl97nH6BenXwWobpWBTtvShJ5omi7dJWjOlESlS:h8QIl972eXqlWBFSt273YOlEz
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2

guloaderdiscoverydownloader

behavioral3

behavioral4