General
Target: f8b85f347a71a59f7f00ae7532f2c18b_JaffaCakes118
Size: 40KB
Sample: 240926-te84ysyena
MD5: f8b85f347a71a59f7f00ae7532f2c18b
SHA1: b6550c39499503580dfa3f495dfd6676bb59bae9
SHA256: 6876aa707adeeffbe08d86d26c6cf48b8d77d46c96f8ace28a523b0a846db38f
SHA512: af4dd63b8b0d2ff4648b2860f39750a3f8255b0f40f13a7547d85765b2e8d2968927f510654511416f17c7e98d621f78e0843d822b6060bba9affb4d6d55262e
SSDEEP: 384:VKR02k9t1VvgETLVj34wFWU9XqVCfSPqCg8eQ3HY5W8X23:VKRFk9TTLGwtCCfgg8eQ3HGX2
Static task: static1

Behavioral task: behavioral1
Sample: f8b85f347a71a59f7f00ae7532f2c18b_JaffaCakes118.exe
Resource: win7-20240729-en

Behavioral task: behavioral2
Sample: f8b85f347a71a59f7f00ae7532f2c18b_JaffaCakes118.exe
Resource: win10v2004-20240802-en
Malware Config
Extracted family: guloader
Extracted payload URL: https://onedrive.live.com/download?cid=4C3F5C65A99DA195&resid=4C3F5C65A99DA195%21195&authkey=AJB0IkxVDYstJY0
Targets
Target: f8b85f347a71a59f7f00ae7532f2c18b_JaffaCakes118
Score: 10/10

Signatures
Checks QEMU agent file: checks presence of the QEMU agent, possibly to detect virtualization.
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext