General

  • Target

    5fcb9b4a8fe72fba741ee6088750a6ad_JaffaCakes118

  • Size

    60KB

  • Sample

    240520-ssamwafc56

  • MD5

    5fcb9b4a8fe72fba741ee6088750a6ad

  • SHA1

    ec0b6049d8c4d42d099c7fd0fe940252f604ca31

  • SHA256

    1c50501d1b131f7276313ae1dc61f8b52775007b18ad179ecaf994c89484daba

  • SHA512

    0a0fb48ca6bf08c52d9eafa0bf0ffe9bea3da2c455c7dfd59583c679d2b8dfa7bd0b619462b3a942649f5fc79be015d9896939a2449def90031a7b6216a96c15

  • SSDEEP

    768:bZFh1yl84gZySk3sWCr/b2IGPD1ebcdiknq:bZF+lUZy3ArqIGPHdiqq

Score
10/10

Malware Config

Extracted

Family

guloader

C2

https://drive.google.com/uc?export=download&id=1ZN-9FbYbLcbSKxcBuvRbQndPhudvEUzQ

Targets

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks