Extracted

• • Target

    03f891aeb8fd33cd03997d9bcc61d226_JaffaCakes118

  • Size

    96KB

  • MD5

    03f891aeb8fd33cd03997d9bcc61d226

  • SHA1

    bb12d2d8bc7d3e049cdcda106a14090ee040402f

  • SHA256

    04fd4bdd959ef2dbc5b2cfa6bbd3c43ab6efe17f8b7b207674609632366ecaa3

  • SHA512

    86a7d98adc152b936dde1ccf424b006037761a9759d37156bdf9f2e84c8187f8ea06696b2863f812b2c08b4ca9c16af05a3eecf1b23a336056c25d8a23e55cbb

  • SSDEEP

    768:6QRDFK7Eii2bH6euqSQ77Vh1P1BL6C26Ks1QWDC19Q26nfaslZTb:6QRQw72baejLZ31Qd165fXF

  Score

  10^/10

  guloaderdownloaderpersistence

  • Guloader,Cloudeye

    A shellcode based downloader first seen in 2020.

    downloaderguloader

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2