guloader | 22600bf939213458b0c557700031593aaf9fe0c2cd90fc330e29748ec66adb03 | Triage

Sharing

General

Target

JaffaCakes118_0177c423d33507eb5acfbf6180035561
Size

136KB
Sample

250105-3hjsxaypb1
MD5

0177c423d33507eb5acfbf6180035561
SHA1

fe00bc95807fcc0ab3eebec288e3c35934de1f46
SHA256

22600bf939213458b0c557700031593aaf9fe0c2cd90fc330e29748ec66adb03
SHA512

389d20c2446f0d1e3c3d1f01f372453c02a7e165ef8ba835ea91e5df4550b32102a44ce88cad442e11f347f8825068dd1aab0cae0f408bf6daf654f893597d1d
SSDEEP

1536:7uQk9P70nl81EqOrI0goTQJ6ww7koXXyqqGphcZvnw2:i9D+81EDmAQVwIoYnhnH

Score

10^/10

guloader discovery downloader

Malware Config

Targets

- Target
  
  JaffaCakes118_0177c423d33507eb5acfbf6180035561
- Size
  
  136KB
- MD5
  
  0177c423d33507eb5acfbf6180035561
- SHA1
  
  fe00bc95807fcc0ab3eebec288e3c35934de1f46
- SHA256
  
  22600bf939213458b0c557700031593aaf9fe0c2cd90fc330e29748ec66adb03
- SHA512
  
  389d20c2446f0d1e3c3d1f01f372453c02a7e165ef8ba835ea91e5df4550b32102a44ce88cad442e11f347f8825068dd1aab0cae0f408bf6daf654f893597d1d
- SSDEEP
  
  1536:7uQk9P70nl81EqOrI0goTQJ6ww7koXXyqqGphcZvnw2:i9D+81EDmAQVwIoYnhnH
Score

10^/10

guloader discovery downloader
- Guloader family
  guloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2

guloaderdiscoverydownloader