guloader | 29cf7d4a7fc61a36c2c987c64ef3324032ad654405b2c40bc9bcc53c19996e1b | Triage

Sharing

General

Target

JaffaCakes118_849eb4c914b9130f0a69a1609550a564
Size

74KB
Sample

250108-b9kqqsynby
MD5

849eb4c914b9130f0a69a1609550a564
SHA1

813f782bffce0e5f6d9319be5a660b3199fe2135
SHA256

29cf7d4a7fc61a36c2c987c64ef3324032ad654405b2c40bc9bcc53c19996e1b
SHA512

b5ccbf895f380330e73341c3a00ed405e13b47ee3273a4658a437db8b68c44f37b966f4ae5d0264b9dcdaea097ad178aad1a4ac7984da149e7beee7934666295
SSDEEP

1536:aaafTQjzpClvBedwjVbTPkbCdj8m4VjoA61a2ZmO36ZoYcbSt4MN:KfkjzJ2hcOojoYMmOgohbStL

Score

10^/10

guloader discovery downloader

Malware Config

Targets

- Target
  
  payment-wire transfer- (BT67798213454323235).exe
- Size
  
  116KB
- MD5
  
  c4f1b84a1c81384faccccd3ad9d948ff
- SHA1
  
  c76b717bd55e57773a47cc89d65ad3a89abc7e6e
- SHA256
  
  f459f48263d2cd947e104949954b64c697f476f37496b58ef5de69cbead3cf68
- SHA512
  
  8e58d3b89cb811a3c0c7a09770fcd966753ec97a6e26a58428c380992cdc124ba23b3a57a69e4a39f07958a9070fbeb7929bebd0b433fdd7da72776e06a9ebd6
- SSDEEP
  
  1536:/OpY5tZ45qltdQ8OQzFEUcOd3QXDluLQCWU5Z7CED3:15tC5qltK8jxEUcOw1EL
Score

10^/10

guloader discovery downloader
- Guloader family
  guloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guloaderdiscoverydownloader

behavioral2

guloaderdiscoverydownloader