guloader | b083d42c1a784b528f71bb7ba48b3898f364262a2377cdea6c292991cca0b12e | Triage

Submit
Reports

Overview

overview

Static

static

3

ORDER TEMA...df.exe

windows7-x64

ORDER TEMA...df.exe

windows10-2004-x64

Sharing

General

Target

a8a89b0af7cc2390fab6ffaca9a67e95_JaffaCakes118
Size

35KB
Sample

240614-jzl5ta1gld
MD5

a8a89b0af7cc2390fab6ffaca9a67e95
SHA1

e58d176ed4842afd41dcd89461d6e1172e397285
SHA256

b083d42c1a784b528f71bb7ba48b3898f364262a2377cdea6c292991cca0b12e
SHA512

b34b8061ed5b6066c5141f04f943674e409ebb864d1c1f40ad5d87537c65f3667565adc423fabaab69c0bf770a5b6fd696e3c7443f7667745f7a9e4e3a4171e4
SSDEEP

768:h7+n/oeRsjrOUCfUnEglY4iAAXv3GU+uaWTXuD3252QWJJdzHfE:5+nwe+1oUnvlYPXX+0uD325nWHdzHfE

Score

10^/10

guloader downloader guloader persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ORDER TEMAQTN03420.pdf.exe

Resource

win7-20240611-en

guloader downloader guloader persistence

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

ORDER TEMAQTN03420.pdf.exe

Resource

win10v2004-20240508-en

guloader downloader guloader persistence

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  ORDER TEMAQTN03420.pdf.bat
- Size
  
  92KB
- MD5
  
  112face4604bd6d53890c720014aa6ad
- SHA1
  
  c02b7af506322cfcd47b2baae832453fbf327850
- SHA256
  
  2736a22d053fb69491862c85b4365fdc772d33ad83dcef7f426e6bcd725b9301
- SHA512
  
  d5aaf2765f4fd1667a4aaef1e6f57c084c06964fb88ee30903864fc3102da8cd574954cb8d9b2739daaa8d07fa79ee8433acf35cf5b4eca1f2936035f5b9417f
- SSDEEP
  
  1536:VOxgxgIyddH/uMKkpxBQ6N5PxbMKkpxBQngxgIyddH/:w8fyddfu8pxBQ6Txb8pxBQn8fyddf
Score

10^/10

guloader downloader guloader persistence
- Guloader,Cloudeye
  A shellcode based downloader first seen in 2020.
  downloader guloader
- Guloader payload
  guloader
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

guloaderdownloaderguloaderpersistence

behavioral2

guloaderdownloaderguloaderpersistence

© 2018-2024

Terms | Privacy