General

  • Target

    b358b3862384f447759867e97e597d96_JaffaCakes118

  • Size

    72KB

  • Sample

    240821-nzm5bswhqh

  • MD5

    b358b3862384f447759867e97e597d96

  • SHA1

    43b7f92fdfe54f9359ffcca633dd1971f756d80a

  • SHA256

    792825ddddc6373018c58825b0ddb98b1857afdc07c8dac108b27df7fb558803

  • SHA512

    4f1950baa8ac67c0a2af5e8861ace88a0b4a141f4256421f2c2cd20f8d769c2946131c743f6cdd93e0314143a72ff41ee1128d016a834e4038f2f4dc23678e35

  • SSDEEP

    1536:RESeLk0iVbBhjMpFUZlz3FmkBoXDhjMiVbleLk0:BeYBVzMEFkNMiVpeY

Malware Config

Extracted

Family

guloader

C2

https://drive.google.com/uc?export=download&id=1bGDMzk6I7ixMsgGvWCAL1U7P556onAk8

xor.base64

Targets

    • Guloader,Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15