guloader | 6d6e36eaf29e38080d45637d42af428e2cccb9b7e47129c6c70ae84dc7db6489 | Triage

Submit
Reports

Overview

overview

Static

static

3

7e7fabb1fa...18.exe

windows7-x64

6

7e7fabb1fa...18.exe

windows10-2004-x64

Sharing

General

Target

7e7fabb1faa04e24a0c3471c60203ec7_JaffaCakes118
Size

76KB
Sample

240528-1k2qdseg39
MD5

7e7fabb1faa04e24a0c3471c60203ec7
SHA1

eba626b2199a3fc7256bf09dba9a72ad2b277959
SHA256

6d6e36eaf29e38080d45637d42af428e2cccb9b7e47129c6c70ae84dc7db6489
SHA512

f2576f40214f24f983c9675dd52f1451976fc602c195db6d84f33fb5ee30e5835c740af65194b7600b89f96950f9efe79933498dd1487d29bb9a5ff0fa6fbeb4
SSDEEP

1536:p4/YORBpLjjoSXffIVA7Z130GAlG/YORBpLjjoSXff:CQORjjoSYVA7zkGAlGQORjjoS

Score

10^/10

guloader downloader guloader

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

7e7fabb1faa04e24a0c3471c60203ec7_JaffaCakes118.exe

Resource

win7-20231129-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

7e7fabb1faa04e24a0c3471c60203ec7_JaffaCakes118.exe

Resource

win10v2004-20240426-en

guloader downloader guloader

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

guloader

C2

https://drive.google.com/uc?export=download&id=14fiYTuh9XFnx8VPpsFqaVqLQKYS82Ur5

xor.base64

Targets

- Target
  
  7e7fabb1faa04e24a0c3471c60203ec7_JaffaCakes118
- Size
  
  76KB
- MD5
  
  7e7fabb1faa04e24a0c3471c60203ec7
- SHA1
  
  eba626b2199a3fc7256bf09dba9a72ad2b277959
- SHA256
  
  6d6e36eaf29e38080d45637d42af428e2cccb9b7e47129c6c70ae84dc7db6489
- SHA512
  
  f2576f40214f24f983c9675dd52f1451976fc602c195db6d84f33fb5ee30e5835c740af65194b7600b89f96950f9efe79933498dd1487d29bb9a5ff0fa6fbeb4
- SSDEEP
  
  1536:p4/YORBpLjjoSXffIVA7Z130GAlG/YORBpLjjoSXff:CQORjjoSYVA7zkGAlGQORjjoS
Score

10^/10

guloader downloader guloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Guloader payload
  guloader
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

guloaderdownloaderguloader

© 2018-2024

Terms | Privacy