General

  • Target

    3afbff763b9b7c1d7ee7c7d99ea33bb2_JaffaCakes118

  • Size

    104KB

  • Sample

    240711-2jfbfaxdmq

  • MD5

    3afbff763b9b7c1d7ee7c7d99ea33bb2

  • SHA1

    12b5d5a2d7d19e3efcd840b173f681acb5b1c497

  • SHA256

    6147decc439b9d258f5b19f77dfa47ea441e681c49e0b699533eea18104f4092

  • SHA512

    13452625c153e68da245cc1712a37b28b1903cef4d70057bc6afca2be2fe2f94b28d97c5dd468b35c6f5f64d409a2349972ca40bafcdad8222d2209454716b92

  • SSDEEP

    1536:PEv/F/F6MF33S7/h/Jk6P612mS6s+Bw+SFg+T2/:k3BSLk1cmSnT2

Score
10/10

Malware Config

Extracted

Family

guloader

C2

http://mtspsmjeli.sch.id/cl/VK_Remcos%20v2_AxaGIU151.bin

xor.base64
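The `xor.base64` tag on the extracted C2 string says how the URL was stored in the sample: a repeating-key XOR layer wrapped in base64. As an added example, not code from the report or from any GuLoader config extractor, the Python below shows the unwrapping and a known-plaintext key recovery. The order of the two layers (XOR first, then base64) and the key are assumptions; the encoded blob is constructed from the report's own C2 URL rather than taken from the binary, and the key-recovery helper relies only on the plaintext being a URL that starts with "http://".

```python
import base64
from typing import Optional

# The C2/payload URL from the report, used here as plaintext to build a constructed blob.
C2_URL = "http://mtspsmjeli.sch.id/cl/VK_Remcos%20v2_AxaGIU151.bin"


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data with a repeating key; the operation is its own inverse."""
    if not key:
        raise ValueError("empty key")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def encode_config(plaintext: str, key: bytes) -> str:
    """Assumed layering for 'xor.base64': XOR first, then base64-wrap the result."""
    return base64.b64encode(xor_bytes(plaintext.encode("utf-8"), key)).decode("ascii")


def decode_config(blob: str, key: bytes) -> str:
    """Reverse of encode_config: base64-decode, then XOR with the same key."""
    return xor_bytes(base64.b64decode(blob), key).decode("utf-8", errors="replace")


def looks_like_url(data: bytes) -> bool:
    """Sanity check on a candidate decryption: starts with 'http' and is printable ASCII."""
    return data.startswith(b"http") and all(0x20 <= b < 0x7F for b in data)


def recover_key(blob: str, known_prefix: bytes = b"http://", max_len: int = 8) -> Optional[bytes]:
    """Known-plaintext recovery of a short repeating XOR key.

    For a key of length k, key[i] == cipher[i] ^ prefix[i] for i < k. A candidate length is
    accepted when the derived key reproduces the whole known prefix and the full output is
    URL-like. Keys longer than the known prefix cannot be recovered this way.
    """
    raw = base64.b64decode(blob)
    if len(raw) < len(known_prefix):
        return None
    for klen in range(1, min(max_len, len(known_prefix)) + 1):
        key = bytes(raw[i] ^ known_prefix[i] for i in range(klen))
        if xor_bytes(raw[: len(known_prefix)], key) != known_prefix:
            continue
        if looks_like_url(xor_bytes(raw, key)):
            return key
    return None


if __name__ == "__main__":
    # Constructed demo key; nothing about the real sample's key is known from the report.
    demo_key = b"\x5a\xa7\x13"
    blob = encode_config(C2_URL, demo_key)
    print("blob      :", blob)
    print("key found :", recover_key(blob))
    print("decoded   :", decode_config(blob, recover_key(blob)))
```

With a sandbox-extracted blob in hand, `recover_key` saves reversing the decryption stub when the key is short; if it returns `None`, either the key is longer than the known prefix or the layering is the other way round (base64 inside XOR), which is the first thing to swap when retrying.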

Targets

    • Target

      3afbff763b9b7c1d7ee7c7d99ea33bb2_JaffaCakes118

    Score
    10/10
    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Checks QEMU agent file

      Checks for the presence of the QEMU guest agent file, most likely to detect that it is running inside a virtual machine.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
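The three behaviours above are API-level signals that a sandbox signature keys on: a file probe for the QEMU guest agent, NtSetInformationThread with ThreadInformationClass 0x11 (ThreadHideFromDebugger, which makes the thread invisible to an attached debugger), and SetThreadContext aimed at another process. As an added example, not the report's signature logic or Triage code, the Python below runs three such rules over a constructed API-trace excerpt. The trace format, the argument names, the resolved TargetPid field, the guest-agent path and the child process name are all assumptions; the create-suspended, write-memory, set-context sequence is the process-hollowing pattern that a "suspicious SetThreadContext" signature usually reflects, which the report itself does not state.

```python
import re
from typing import Dict, List, NamedTuple, Optional, Tuple

# Constructed API-trace excerpt in an assumed "pid tid Api(arg=value, ...)" form. This is
# not Triage's log format; the guest-agent path and host.exe are placeholders, and the
# sandbox is assumed to have resolved handles so cross-process calls carry a TargetPid.
SAMPLE_TRACE = """\
1204 1208 GetFileAttributesW(lpFileName="C:\\Program Files\\Qemu-ga\\qemu-ga.exe")
1204 1208 NtSetInformationThread(ThreadHandle=0xfffffffe, ThreadInformationClass=0x11, ThreadInformation=0x0, ThreadInformationLength=0x0)
1204 1208 CreateProcessW(lpApplicationName="C:\\Windows\\System32\\host.exe", dwCreationFlags=0x4, dwProcessId=0x8a4, dwThreadId=0x8a8)
1204 1208 WriteProcessMemory(TargetPid=0x8a4, lpBaseAddress=0x400000, nSize=0x1a000)
1204 1208 SetThreadContext(TargetPid=0x8a4, hThread=0x8a8)
1204 1208 ResumeThread(TargetPid=0x8a4, hThread=0x8a8)
"""

THREAD_HIDE_FROM_DEBUGGER = 0x11  # THREADINFOCLASS value ThreadHideFromDebugger
CREATE_SUSPENDED = 0x4            # CreateProcess dwCreationFlags bit
QEMU_AGENT_MARKER = "qemu-ga"     # assumed name fragment of the QEMU guest agent binary
FILE_PROBE_APIS = {"CreateFileW", "CreateFileA", "GetFileAttributesW", "GetFileAttributesA"}


class Call(NamedTuple):
    pid: int
    tid: int
    api: str
    args: Dict[str, object]


LINE_RE = re.compile(r"^(\d+)\s+(\d+)\s+(\w+)\((.*)\)\s*$")
ARG_RE = re.compile(r'(\w+)=("[^"]*"|[^,\s]+)')


def parse_line(line: str) -> Optional[Call]:
    """Parse one trace line; quoted values stay strings, 0x-prefixed values become ints."""
    m = LINE_RE.match(line)
    if not m:
        return None
    pid, tid, api, raw = m.groups()
    args: Dict[str, object] = {}
    for name, val in ARG_RE.findall(raw):
        if val.startswith('"'):
            args[name] = val[1:-1]
        else:
            try:
                args[name] = int(val, 0)
            except ValueError:
                args[name] = val
    return Call(int(pid), int(tid), api, args)


def scan(trace: str) -> List[Tuple[int, str]]:
    """Return (line number, signature name) pairs for the three behaviours."""
    hits: List[Tuple[int, str]] = []
    suspended = set()  # child pids created with CREATE_SUSPENDED
    written = set()    # suspended children whose memory the caller overwrote
    for lineno, line in enumerate(trace.splitlines(), 1):
        c = parse_line(line)
        if c is None:
            continue
        if c.api in FILE_PROBE_APIS:
            if QEMU_AGENT_MARKER in str(c.args.get("lpFileName", "")).lower():
                hits.append((lineno, "checks-qemu-agent-file"))
        elif c.api == "NtSetInformationThread":
            if c.args.get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER:
                hits.append((lineno, "hide-from-debugger"))
        elif c.api in ("CreateProcessW", "CreateProcessA"):
            flags = c.args.get("dwCreationFlags", 0)
            child = c.args.get("dwProcessId")
            if isinstance(flags, int) and flags & CREATE_SUSPENDED and isinstance(child, int):
                suspended.add(child)
        elif c.api == "WriteProcessMemory":
            target = c.args.get("TargetPid")
            if target in suspended:
                written.add(target)
        elif c.api == "SetThreadContext":
            target = c.args.get("TargetPid", c.pid)
            if target != c.pid:
                hits.append((lineno, "setthreadcontext-cross-process"))
            if target in written:
                hits.append((lineno, "setthreadcontext-on-hollowed-child"))
    return hits


if __name__ == "__main__":
    for lineno, sig in scan(SAMPLE_TRACE):
        print(f"line {lineno}: {sig}")
```

The cross-process rule alone would also fire on legitimate debuggers and some injectors, which is why the stronger verdict is only raised once the same child was both created suspended and written to before its context was changed.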

MITRE ATT&CK Enterprise v15

Tasks