General

  • Target

    73a08d50af748d0ea058c45a2c3dcc21_JaffaCakes118

  • Size

    26KB

  • Sample

    240525-3lh1saef6s

  • MD5

    73a08d50af748d0ea058c45a2c3dcc21

  • SHA1

    57fe91793204ee54123ee55a68eefbf5d0682ac7

  • SHA256

    3dad66f01e53b7324125ea6d8e59e19380557ae0366f7ed8e07a7b393505533b

  • SHA512

    d170bf21706f04f53f45a2d41be7fea51e5be35a3d46ac3546579e7b2fb892dcb67da271e7f32f9975e7dedc4734a1f89a85cbc38d480478a89493b662927453

  • SSDEEP

    768:whvGFEq4XM/YjRKDFFYwzT5qt3+6taBji:sGFz7fFBQpL0Q

Score
10/10

Malware Config

Extracted

Family

guloader

C2

http://shalomadonai.com.br/rcky_encrypted_6CC32C0.bin

xor.base64

Targets

    • Target

      MT103 Swift Bank Transfer.exe

    • Size

      100KB

    • MD5

      8e8cfee980666c34664d527485ef693e

    • SHA1

      6a9764cdf249443a8907253840a98fa0e5006714

    • SHA256

      c18c647694bc85d12a66e7c15abdc5c116ba95872c9fcfac1bfc29c6927c9783

    • SHA512

      d5c5fb56db6e5cb8d9ecfe22f36bc35e452ed0ad511e3b15c4b40df0c9aac263b30db6b192ff21656844e6710972744c357d3dc91d4c1a64a47e7cd7c46c01a1

    • SSDEEP

      768:Y5/dS/71qyh0rzO3cUcPFYqWCxL0ehWsZqRAQIrszIZ:GdM7syH3cRtYqWCxYfsMRAQIIUZ

    Score
    10/10
    • Guloader, Cloudeye

      A shellcode based downloader first seen in 2020.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks