guloader | aa4b6310c2dbd466a089cd9a7a414a50c3124f70c763fc0d1cb7c922e29c3890 | Triage

Submit
Reports

Overview

overview

Static

static

9ac0724cd2...18.exe

windows7-x64

6

9ac0724cd2...18.exe

windows10-2004-x64

Sharing

General

Target

9ac0724cd20d2574580f0bf06b8aea75_JaffaCakes118
Size

60KB
Sample

240610-qaf1tswelb
MD5

9ac0724cd20d2574580f0bf06b8aea75
SHA1

5e2088c4bdae79d584f5478782337701a8467cda
SHA256

aa4b6310c2dbd466a089cd9a7a414a50c3124f70c763fc0d1cb7c922e29c3890
SHA512

1e43b5a267c6bcfbe7493ccdf9b5493126bdbeb6bb049e7c020fa51aa829be08d6ab686aa51a47bb239c0b25c088fa38dea9cd9f2d93d65b9e02155d98d62da4
SSDEEP

768:/HV30jqxr5ScACZXpzsXUKY5l02d1zButV2:/13eqxlFAatOwR7

Score

10^/10

guloader downloader guloader persistence

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

9ac0724cd20d2574580f0bf06b8aea75_JaffaCakes118.exe

Resource

win7-20231129-en

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

9ac0724cd20d2574580f0bf06b8aea75_JaffaCakes118.exe

Resource

win10v2004-20240226-en

guloader downloader guloader persistence

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

guloader

C2

https://drive.google.com/uc?export=download&id=1Q0Ltq2Kw5sxwS2JWRYNfsyrv58mrj4ks

xor.base64

Targets

- Target
  
  9ac0724cd20d2574580f0bf06b8aea75_JaffaCakes118
- Size
  
  60KB
- MD5
  
  9ac0724cd20d2574580f0bf06b8aea75
- SHA1
  
  5e2088c4bdae79d584f5478782337701a8467cda
- SHA256
  
  aa4b6310c2dbd466a089cd9a7a414a50c3124f70c763fc0d1cb7c922e29c3890
- SHA512
  
  1e43b5a267c6bcfbe7493ccdf9b5493126bdbeb6bb049e7c020fa51aa829be08d6ab686aa51a47bb239c0b25c088fa38dea9cd9f2d93d65b9e02155d98d62da4
- SSDEEP
  
  768:/HV30jqxr5ScACZXpzsXUKY5l02d1zButV2:/13eqxlFAatOwR7
Score

10^/10

persistence guloader downloader guloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Guloader payload
  guloader
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

guloaderdownloaderguloaderpersistence

© 2018-2024

Terms | Privacy