Extracted

• • Target

    ed042ec84feec8fe4759aec258c565fa_JaffaCakes118

  • Size

    168KB

  • MD5

    ed042ec84feec8fe4759aec258c565fa

  • SHA1

    35ab35126c579947eb5389918549f41a8b47730e

  • SHA256

    ef34189ff1f1d0d1df2bd1f90802dd30d5eeb285e20136e3eb477afe2b324248

  • SHA512

    652375791a855ca16ba2491433af18ee67b3d5eff68c1f15ef1e2ca9f915a541d1c9e5e03b7cf1dfc96667fd74ff04c0c17d35f4c06422102974c0ca1e015063

  • SSDEEP

    1536:MChkOF0AGSt4BtBKiKAmmRYBCt4BtBKiKqGPeFn:nklA9ziKAFR4CziKq+0

  Score

  10^/10

  guloaderdiscoverydownloaderpersistence

  • Guloader,Cloudeye

    A shellcode based downloader first seen in 2020.

    downloaderguloader

  • Adds Run key to start application

    persistence

  • Legitimate hosting services abused for malware hosting/C2

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2