Extracted

• • Target

    418a345985b3014859baebf1fb029ae8_JaffaCakes118

  • Size

    104KB

  • MD5

    418a345985b3014859baebf1fb029ae8

  • SHA1

    0eb5e89db92c78699f15d66c6adbedf52225c3c2

  • SHA256

    b31f4aeb39edab45b99780aebf98451f2b9a045bb42814d2f0b3458ff2a3995d

  • SHA512

    aea4ada28c2392728b18e269698e8b5e6ede1fb4a413e287cc0b17dd315a978f5e5cc9ab3402e734af207eb15ac0af4025849b5d930b1c78e54b00396a3c6f4b

  • SSDEEP

    768:qY0Kk0AP0UM/ikfJ+1bmamD+OlQncbNyywqx2grUX7TUi:X1AP017B+1bP+jQqUqnrFi

  Score

  10^/10

  guloaderdownloaderpersistence

  • Guloader,Cloudeye

    A shellcode based downloader first seen in 2020.

    downloaderguloader

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2