guloader | b7eb38f8a922a1344be7186fbf3169e0d130b91498dfae583b9b6d942b40cdd9 | Triage

Submit
Reports

Overview

overview

Static

static

3

4456b93fa8...18.exe

windows7-x64

5

4456b93fa8...18.exe

windows10-2004-x64

Sharing

General

Target

4456b93fa84ead0e6c5020d665120262_JaffaCakes118
Size

80KB
Sample

240515-dvjk8sfa84
MD5

4456b93fa84ead0e6c5020d665120262
SHA1

3c30e119261d2ed1b57887bee9e2bb895f120500
SHA256

b7eb38f8a922a1344be7186fbf3169e0d130b91498dfae583b9b6d942b40cdd9
SHA512

3c2b66cfefd00a5a8cd55b13275bec599213bc9695c3d2b69c2ed9198fb205dd9d899243d1398bb0c58a49fbc0ef5d3461a4589db69d38d5dec233272b8807e3
SSDEEP

1536:Q5aO0FX8PbNNkd73OKOeAXmfp/tbM5jx:Q0X8znkd73O1X29Mv

Score

10^/10

guloader downloader guloader

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

4456b93fa84ead0e6c5020d665120262_JaffaCakes118.exe

Resource

win7-20240221-en

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

4456b93fa84ead0e6c5020d665120262_JaffaCakes118.exe

Resource

win10v2004-20240426-en

guloader downloader guloader

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

guloader

C2

https://mwrc.ca/a/sh_encrypted_F09C70F.bin

xor.base64

Targets

- Target
  
  4456b93fa84ead0e6c5020d665120262_JaffaCakes118
- Size
  
  80KB
- MD5
  
  4456b93fa84ead0e6c5020d665120262
- SHA1
  
  3c30e119261d2ed1b57887bee9e2bb895f120500
- SHA256
  
  b7eb38f8a922a1344be7186fbf3169e0d130b91498dfae583b9b6d942b40cdd9
- SHA512
  
  3c2b66cfefd00a5a8cd55b13275bec599213bc9695c3d2b69c2ed9198fb205dd9d899243d1398bb0c58a49fbc0ef5d3461a4589db69d38d5dec233272b8807e3
- SSDEEP
  
  1536:Q5aO0FX8PbNNkd73OKOeAXmfp/tbM5jx:Q0X8znkd73O1X29Mv
Score

10^/10

guloader downloader guloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Guloader payload
  guloader
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

guloaderdownloaderguloader

© 2018-2024

Terms | Privacy