General

  • Target

    6bb7c41f759a6a0c090edb67049f11d0_JaffaCakes118

  • Size

    216KB

  • Sample

    240523-v2qfssae72

  • MD5

    6bb7c41f759a6a0c090edb67049f11d0

  • SHA1

    76bccf1ccef6fe52f8846724a78da8c6e9e1f08d

  • SHA256

    3a1ba3bfee4b213f085df647f18f215b6893b7e98444947c65db812e5fbb1baf

  • SHA512

    5f96fb2c2ffa8d7e664d0eba30a38e4f990646c704fede9349f493a83001a05b684e3a09ea729e02de3a1dea11085d2c62d8e92b1f561a1ccc16975bf9bcae5e

  • SSDEEP

    1536:/12DpIhtQWe4XqkT8WChJViPP3/euuuvuuuuuuuDn2Vzn:YI/Jida/tr

Score
10/10

Malware Config

Extracted

Family

guloader

C2

https://drive.google.com/uc?export=download&id=1us3ZR4YZf2R7r39QSP-y1ijpQ3n4aSYn

xor.base64

Targets

    • Target

      6bb7c41f759a6a0c090edb67049f11d0_JaffaCakes118

    • Size

      216KB

    • MD5

      6bb7c41f759a6a0c090edb67049f11d0

    • SHA1

      76bccf1ccef6fe52f8846724a78da8c6e9e1f08d

    • SHA256

      3a1ba3bfee4b213f085df647f18f215b6893b7e98444947c65db812e5fbb1baf

    • SHA512

      5f96fb2c2ffa8d7e664d0eba30a38e4f990646c704fede9349f493a83001a05b684e3a09ea729e02de3a1dea11085d2c62d8e92b1f561a1ccc16975bf9bcae5e

    • SSDEEP

      1536:/12DpIhtQWe4XqkT8WChJViPP3/euuuvuuuuuuuDn2Vzn:YI/Jida/tr

    Score
    10/10
    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020 (Cloudeye is an alias for the same family).

    • Legitimate hosting services abused for malware hosting/C2

      The extracted C2 is a Google Drive direct-download URL (uc?export=download&id=...), so the payload fetch goes to a trusted domain over TLS and blends in with ordinary traffic.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Anti-debugging: calling NtSetInformationThread with the ThreadHideFromDebugger information class stops an attached debugger from receiving events for that thread.

    • Suspicious use of SetThreadContext

      Overwrites the register state of a thread, typically to point a suspended thread's instruction pointer at injected shellcode (process hollowing / thread hijacking style execution).
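The indicators a responder reuses from this report are the file digests and the Google Drive C2 URL. The following is an added example, not part of the sandbox report: a small Python matcher that hashes a file against the report's digests and flags proxy-log requests carrying the report's Drive file id, normalising the URL so that reordered query parameters, the http scheme, or the docs.google.com / drive.usercontent.google.com hosts still match rather than relying on an exact string compare. The log format and the log lines are constructed for the example.

```python
"""IOC matching for the GuLoader sample in the report above (added example)."""
import hashlib
from urllib.parse import parse_qs, urlsplit

# Digests copied from the report.
SAMPLE_HASHES = {
    "md5": "6bb7c41f759a6a0c090edb67049f11d0",
    "sha1": "76bccf1ccef6fe52f8846724a78da8c6e9e1f08d",
    "sha256": "3a1ba3bfee4b213f085df647f18f215b6893b7e98444947c65db812e5fbb1baf",
    "sha512": "5f96fb2c2ffa8d7e664d0eba30a38e4f990646c704fede9349f493a83001a05b"
              "684e3a09ea729e02de3a1dea11085d2c62d8e92b1f561a1ccc16975bf9bcae5e",
}
# Extracted C2 copied from the report.
C2_URL = "https://drive.google.com/uc?export=download&id=1us3ZR4YZf2R7r39QSP-y1ijpQ3n4aSYn"

DRIVE_HOSTS = ("drive.google.com", "docs.google.com", "drive.usercontent.google.com")


def drive_file_id(url):
    """Return the Google Drive file id referenced by url, or None if it is not a Drive URL.

    Handles both the ?id=<id> query form used by the C2 above and the /file/d/<id>/ path form.
    Matching on the id survives trivial variations (scheme, reordered or extra query
    parameters, alternate Drive hosts) that a whole-string compare would miss.
    """
    parts = urlsplit(url)
    if parts.hostname not in DRIVE_HOSTS:
        return None
    ids = parse_qs(parts.query).get("id")
    if ids:
        return ids[0]
    segs = parts.path.split("/")
    if "d" in segs:
        i = segs.index("d")
        if i + 1 < len(segs) and segs[i + 1]:
            return segs[i + 1]
    return None


KNOWN_C2_IDS = {drive_file_id(C2_URL)}


def hash_matches(data, expected=SAMPLE_HASHES):
    """Hash data with every algorithm in expected; return the names whose digest matches."""
    return [alg for alg, digest in expected.items()
            if hashlib.new(alg, data).hexdigest() == digest]


def scan_proxy_log(lines):
    """Return (line_no, file_id) for every log line whose URL carries a known C2 Drive id.

    Constructed log format: '<timestamp> <client_ip> <process> <url>'.
    """
    hits = []
    for n, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 4:
            continue
        fid = drive_file_id(fields[3])
        if fid in KNOWN_C2_IDS:
            hits.append((n, fid))
    return hits


# Constructed proxy log lines for the example; lines 2 and 3 fetch the report's C2 id.
SAMPLE_LOG = [
    "2024-05-23T10:00:01Z 10.0.0.5 chrome.exe https://www.google.com/search?q=invoice",
    "2024-05-23T10:00:07Z 10.0.0.5 invoice.exe https://drive.google.com/uc?export=download&id=1us3ZR4YZf2R7r39QSP-y1ijpQ3n4aSYn",
    "2024-05-23T10:00:09Z 10.0.0.5 invoice.exe https://drive.google.com/uc?id=1us3ZR4YZf2R7r39QSP-y1ijpQ3n4aSYn&export=download&confirm=t",
    "2024-05-23T10:01:00Z 10.0.0.9 outlook.exe https://drive.google.com/file/d/1AbCdEfGh/view",
]

if __name__ == "__main__":
    for line_no, fid in scan_proxy_log(SAMPLE_LOG):
        print(f"line {line_no}: request for known GuLoader C2 Drive id {fid}")
    print("hash matches for a dummy file:", hash_matches(b"not the sample"))
```

The fourth log line is a Drive download that does not match the report's id and is left alone, which is the point of keying on the id: blocking or alerting on drive.google.com as a whole is rarely acceptable, while the specific file id is a precise indicator until the actor rotates it.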

MITRE ATT&CK Enterprise v15
