General

  • Target

    ef22a8082b7689b219f9901f6465ef08_JaffaCakes118

  • Size

    168KB

  • Sample

    240921-fywq3swgmb

  • MD5

    ef22a8082b7689b219f9901f6465ef08

  • SHA1

    a24a45e64af20e6fcaafab7d9e28282bba203fc4

  • SHA256

    226b829c25ce63dd18e0c3d589703cd3d56331c6ed3e0f298fc067c36a959d77

  • SHA512

    4a711ba8adf827f737dc8a4859e7de8ebb9e1a1d39cea31a477b6d42201d77a2729f0dc53b2264d2c3afb52039d3ed8cffa425eb2b0f0952bdd3ec6f5d84336d

  • SSDEEP

    768:GWIQyHogomqjEwq0rD0lv/KJAHDJdj6teaVaad/w699aQnaHUkgzevYRWjMuw1WJ:Coywq0rEHDWfaadYUav0zDAMu41HzMp

Malware Config

Extracted

Family

guloader

C2

https://drive.google.com/uc?export=download&id=1TD32nFaHy6YTJ_nI63EQRlJKG5ucx1qy

xor.base64

Targets

    • Target

      Payment_copy,pdf.exe

    • Size

      108KB

    • MD5

      1891109dc8dcf9934c62ac64306066ec

    • SHA1

      8b7d53bfc4675942e7108e1326dd7ac5a1b6f0c9

    • SHA256

      7506cacea86f01d9460ae87faa19006baa845bffb7ab0b5349af5a21016686d9

    • SHA512

      c9b8ff6fc6bd63abb105cd07c00d41dca2fea38531e9ae88ac47754a8d2f10fcc717050c6e0cca74bed25271327c59c89121bff17d61f76d61d34cbe5cf1df84

    • SSDEEP

      768:ZIQyHogomqjEwq0rD0lv/KJAHDJdj6teaVaad/w699aQnaHUkgzevYRWjMuw1W4o:soywq0rEHDWfaadYUav0zDAMu41HzMp

    • Guloader,Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Guloader payload

    • Checks QEMU agent state file

      Checks the state file used by the QEMU guest agent, possibly to detect virtualization.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calls NtSetInformationThread with the ThreadHideFromDebugger information class, which stops an attached debugger from receiving events for that thread (an anti-debugging technique).
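
The report lists an SSDEEP hash for the 168KB submitted sample and another for the 108KB Payment_copy,pdf.exe extracted from it; the two strings share the same block size (768) and almost all of their chunk characters, which is what a practitioner wants to confirm before treating the two files as the same build. The following is an added example, not part of the sandbox report: a pure-Python re-implementation of the scoring used by ssdeep's fuzzy_compare() (libfuzzy 2.13: require a 7-character common window, weighted edit distance with insert/delete cost 1 and substitution cost 2, scaled to 0-100, best of the two chunk comparisons), applied to the two hashes on this page. Everything except those two hash strings is assumed for illustration; for production work prefer `ssdeep -d`/`ssdeep -k` or the python-ssdeep binding.

```python
"""Score the two SSDEEP hashes from the report against each other, offline.

Re-implements the scoring path of ssdeep's fuzzy_compare() so no native
library is needed. The two signatures below are the ones printed on the page.
"""
import re

SPAMSUM_LENGTH = 64   # maximum chunk length
ROLLING_WINDOW = 7    # shortest common substring ssdeep insists on
MIN_BLOCKSIZE = 3

# Hashes from the report: submitted sample and the extracted Payment_copy,pdf.exe.
PARENT_SSDEEP = "768:GWIQyHogomqjEwq0rD0lv/KJAHDJdj6teaVaad/w699aQnaHUkgzevYRWjMuw1WJ:Coywq0rEHDWfaadYUav0zDAMu41HzMp"
DROPPED_SSDEEP = "768:ZIQyHogomqjEwq0rD0lv/KJAHDJdj6teaVaad/w699aQnaHUkgzevYRWjMuw1W4o:soywq0rEHDWfaadYUav0zDAMu41HzMp"


def parse_ssdeep(sig: str) -> tuple:
    """Split 'blocksize:chunk1:chunk2'; a trailing ',"filename"' as printed by ssdeep is tolerated."""
    sig = sig.split(",", 1)[0]
    m = re.fullmatch(r"(\d+):([^:]*):([^:]*)", sig)
    if not m:
        raise ValueError(f"not an ssdeep signature: {sig!r}")
    return int(m.group(1)), m.group(2), m.group(3)


def _squash_runs(s: str) -> str:
    """ssdeep ignores runs of more than 3 identical characters (eliminate_sequences)."""
    out = []
    for ch in s:
        if len(out) >= 3 and out[-1] == out[-2] == out[-3] == ch:
            continue
        out.append(ch)
    return "".join(out)


def _has_common_substring(a: str, b: str) -> bool:
    """Chunks that share no ROLLING_WINDOW-length substring score 0, however close the edit distance."""
    windows = {a[i:i + ROLLING_WINDOW] for i in range(len(a) - ROLLING_WINDOW + 1)}
    return any(b[i:i + ROLLING_WINDOW] in windows for i in range(len(b) - ROLLING_WINDOW + 1))


def _edit_distance(a: str, b: str) -> int:
    """Weighted Levenshtein as in ssdeep's edit_distn: insert 1, delete 1, replace 2."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                          # delete ca
                           cur[j - 1] + 1,                        # insert cb
                           prev[j - 1] + (0 if ca == cb else 2)))  # match / replace
        prev = cur
    return prev[-1]


def _score_chunks(a: str, b: str, block_size: int) -> int:
    """score_strings(): edit distance scaled to 0-100, capped for tiny block sizes."""
    a, b = _squash_runs(a), _squash_runs(b)
    if len(a) > SPAMSUM_LENGTH or len(b) > SPAMSUM_LENGTH:
        return 0
    if not _has_common_substring(a, b):
        return 0
    score = _edit_distance(a, b)
    score = (score * SPAMSUM_LENGTH) // (len(a) + len(b))
    score = (100 * score) // SPAMSUM_LENGTH
    score = 100 - score
    if block_size < (99 + ROLLING_WINDOW) // ROLLING_WINDOW * MIN_BLOCKSIZE:
        score = min(score, block_size // MIN_BLOCKSIZE * min(len(a), len(b)))
    return score


def ssdeep_compare(sig1: str, sig2: str) -> int:
    """0-100 similarity as in fuzzy_compare(); only block sizes within a factor of 2 are comparable."""
    bs1, c1a, c1b = parse_ssdeep(sig1)
    bs2, c2a, c2b = parse_ssdeep(sig2)
    if bs1 == bs2:
        if c1a == c2a and c1b == c2b:
            return 100
        # chunk1 was built at bs1, chunk2 at 2*bs1; take the better of the two.
        return max(_score_chunks(c1a, c2a, bs1), _score_chunks(c1b, c2b, bs1 * 2))
    if bs1 == bs2 * 2:
        return _score_chunks(c1a, c2b, bs1)
    if bs2 == bs1 * 2:
        return _score_chunks(c1b, c2a, bs2)
    return 0


if __name__ == "__main__":
    bs, _, _ = parse_ssdeep(PARENT_SSDEEP)
    print(f"block size {bs}, similarity {ssdeep_compare(PARENT_SSDEEP, DROPPED_SSDEEP)}/100")
```

For these two hashes the first chunks differ only at their ends (edit distance 6 over 64 characters, score 96) and the second chunks differ in a single character (score 97), so the comparison reports 97. That is consistent with the 108KB executable being the bulk of the 168KB submission rather than a different build; a score that high between a container and its dropped file is expected, so use it to group the two artifacts, not as evidence of anything beyond that.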

MITRE ATT&CK Enterprise v15

Tasks