Extracted

• • Target

    bfe4aabcee56d9ea66622617e6a5fe4b_JaffaCakes118

  • Size

    120KB

  • MD5

    bfe4aabcee56d9ea66622617e6a5fe4b

  • SHA1

    d42ea0954d9bf83a12a85ad01543a157099de63c

  • SHA256

    0512c8c515096734e33d52d39d554b683466183859b968f3c3fc525be6acd69e

  • SHA512

    e578ba6907d916bb4604c2c68250b624c41f2ece9a07270c79ae3487288eca970ca5cf14f0adc625e1341fac73cebdc3b837daa08877574bc9d848ade65044b3

  • SSDEEP

    1536:wbzdIV2eDCsbvzlJAF4aSeH6iRNKipxXJT4r4580MFO/1aqY990:EZemaIF5OSzTHDME//Y990

  Score

  10^/10

  guloaderdiscoverydownloaderguloaderpersistence

  • Guloader,Cloudeye

    A shellcode based downloader first seen in 2020.

    downloaderguloader

  • Guloader payload

    guloader

  • Adds Run key to start application

    persistence

  • Legitimate hosting services abused for malware hosting/C2

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2