guloader | 0bf8feda9e131c4b5bc7b17218880c3a492f702fa9fd6dc9d10f5a62a72aa08a | Triage

Sharing

General

Target

JaffaCakes118_14286f5d33d5d0db8c2cf853588105de
Size

136KB
Sample

250106-hffcgs1pdn
MD5

14286f5d33d5d0db8c2cf853588105de
SHA1

0054237732dfb296e5b5429886a057e4374c1515
SHA256

0bf8feda9e131c4b5bc7b17218880c3a492f702fa9fd6dc9d10f5a62a72aa08a
SHA512

f8169fc9ed525a268dca75f6e1e836fae00dabe3876aaf4766d21cf8d883fa91f0e4a6c8c9fcee3daec6ac6db0100614e7bbf0720b9015cd98015043dafe627d
SSDEEP

1536:jSMJImKSOog+MxVnWzC5sWgzb7W/MEA6Jm2taMMco3v:ll1OogjVnQCia/lAYVi

Score

10^/10

guloader discovery downloader

Malware Config

Targets

- Target
  
  JaffaCakes118_14286f5d33d5d0db8c2cf853588105de
- Size
  
  136KB
- MD5
  
  14286f5d33d5d0db8c2cf853588105de
- SHA1
  
  0054237732dfb296e5b5429886a057e4374c1515
- SHA256
  
  0bf8feda9e131c4b5bc7b17218880c3a492f702fa9fd6dc9d10f5a62a72aa08a
- SHA512
  
  f8169fc9ed525a268dca75f6e1e836fae00dabe3876aaf4766d21cf8d883fa91f0e4a6c8c9fcee3daec6ac6db0100614e7bbf0720b9015cd98015043dafe627d
- SSDEEP
  
  1536:jSMJImKSOog+MxVnWzC5sWgzb7W/MEA6Jm2taMMco3v:ll1OogjVnQCia/lAYVi
Score

10^/10

guloader discovery downloader
- Guloader family
  guloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2

guloaderdiscoverydownloader