guloader | 1185cc573b94a0c8fe2b032356de723afed807f6568f15a31fbd18b05b260152 | Triage

Sharing

General

Target

JaffaCakes118_300472db329878e80d55f734d56349cb
Size

77KB
Sample

241231-xkna8atpax
MD5

300472db329878e80d55f734d56349cb
SHA1

a8231c35c419a4eeecaef40e911c50c0abca3166
SHA256

1185cc573b94a0c8fe2b032356de723afed807f6568f15a31fbd18b05b260152
SHA512

885b32d3f44e1a351fafbacfcb6e2e0a104453fb16d1ec51789ee98439771663cb1445a41c15b9347b2bdfc117d59a5b623d30e335cdb14432860c6470fbc54d
SSDEEP

1536:N3kf8wcXYGYdshq/dYPCwc1AEKX/JiZYA2uuXyHaPpE4SmWu:N3+coGYd6q/dYPTc1AE8iYA2JjpE4nWu

Score

10^/10

guloader discovery downloader

Malware Config

Targets

- Target
  
  PROFORMA INV BTI39405059_PDF.exe
- Size
  
  120KB
- MD5
  
  9bff0125ee75813a016a50d69bf733da
- SHA1
  
  2926e83c26a210dab8272405b3fd6938e52afbe7
- SHA256
  
  b5f925f4de1012dc51fc822718fdee1816e651ec178b88327b3feb1068db13c9
- SHA512
  
  ede9a23437a256be28054bb37e77cc92a152262dd40194645a9ef52a3ffc74cc7005de013be78af9d6ccaa60cf0519f389507226ba96e8fe8c353b59f979dc87
- SSDEEP
  
  1536:TDkmB3sAiK0kF1JyQmvoTgdJNBbDkeLsKVfHFfwUO4ekqGnD7HECGk/pDk:TYWeKN7crumD6KVfa4e1GnDD//pY
Score

10^/10

guloader discovery downloader
- Guloader family
  guloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2

guloaderdiscoverydownloader