guloader | 03780b831d73440886c6ed5d71c3c1c4eea293569d9c454372f959cc8aeb49fd

Sharing

Copy URL

Twitter E-mail

General

Target

9b12deefce1d5506012665df7f3ef103_JaffaCakes118
Size

106KB
Sample

240610-sbkrhszfnb
MD5

9b12deefce1d5506012665df7f3ef103
SHA1

ec03f66334aff5d93e256baa9be3a79ce247b429
SHA256

03780b831d73440886c6ed5d71c3c1c4eea293569d9c454372f959cc8aeb49fd
SHA512

d43ae328960ee0f03a858cab28e2daf93437c1969bbd0fa4e2f1dcce5726b121b88c4b6189d1d6ed88aab77dc15210c66799128039110bcd37a90e4bc467b114
SSDEEP

768:jRbjxPZL4MvMrkbHwTN0GVQ+d4SeqzXf34BfW/PHA8zGesvEaApXwBDGRpn+tKg7:FjLjkr4Haboqz40/DzGeUEaHq0Hcd2

Score

10^/10

Malware Config

Extracted

Family

guloader

https://onedrive.live.com/download?cid=72EF66C14DF86B76&resid=72EF66C14DF86B76%21164&authkey=AH0Y9pQ2RueJP6M

xor.base64

Targets

- Target
  
  9b12deefce1d5506012665df7f3ef103_JaffaCakes118
- Size
  
  106KB
- MD5
  
  9b12deefce1d5506012665df7f3ef103
- SHA1
  
  ec03f66334aff5d93e256baa9be3a79ce247b429
- SHA256
  
  03780b831d73440886c6ed5d71c3c1c4eea293569d9c454372f959cc8aeb49fd
- SHA512
  
  d43ae328960ee0f03a858cab28e2daf93437c1969bbd0fa4e2f1dcce5726b121b88c4b6189d1d6ed88aab77dc15210c66799128039110bcd37a90e4bc467b114
- SSDEEP
  
  768:jRbjxPZL4MvMrkbHwTN0GVQ+d4SeqzXf34BfW/PHA8zGesvEaApXwBDGRpn+tKg7:FjLjkr4Haboqz40/DzGeUEaHq0Hcd2
Score

10^/10

persistence guloader downloader guloader
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Guloader payload
  guloader
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Guloader,Cloudeye

Guloader payload

Adds Run key to start application

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2