General

  • Target

    6a27d79466a937b0cae645969d679571_JaffaCakes118

  • Size

    140KB

  • Sample

    240523-h3qrqshc22

  • MD5

    6a27d79466a937b0cae645969d679571

  • SHA1

    955e57a2247b91af0b2a0fd1153d0357419fef68

  • SHA256

    c46bc8f7f6334e0ac2957de6b03b6a04bca97a5604c90ecbfd755a7b7fdeed59

  • SHA512

    21674e96c528487aea20360221b238fe0d39eed3fde06edf0fcb9432a7f274f80a71d913bffdfa97d56a509d07277f702b37f975c7f424d8450babd8512b3be4

  • SSDEEP

    768:txOFrCwD/2TgKucPo4zMtM/oaFA3rDwkRs03e/9KhrDimz6KLJ5IVAMcIyadIS8x:tA/HKTdA80lq0hrDim2EcVJcR

Score
10/10

Malware Config

Extracted

Family

guloader

C2

https://credoaz.com/growth/bin_encrypted_8D5D1FF.bin

xor.base64

Targets

    • Target

      6a27d79466a937b0cae645969d679571_JaffaCakes118


    Score
    10/10
    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
