Overview

overview

10

Static

static

3

9ce158db3a...18.exe

windows7-x64

10

9ce158db3a...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9ce158db3a35f68975710ad534de747c_JaffaCakes118

  • Size

    116KB

  • Sample

    241125-vy8szatqhn

  • MD5

    9ce158db3a35f68975710ad534de747c

  • SHA1

    3bd2c5f7af8bd0686844c7e933994a926980d7b1

  • SHA256

    d4d30acde6fa4db431b90817911b44d21c65fc1fa72744625bccafe3899869bc

  • SHA512

    8b89fdab399a0ea02ecd4cbad69c570af4b16f826ecc0ca7c6bf81e48ec0651cd8694c9aa0526f1c1ea47f36fc9cecd2f990ae93378c9a2feca86963a2c51c5c

  • SSDEEP

    768:/pYYXgmJWdD+LirNYYLwIUkrQBFfG5Hdp6/UgejMHouSl4rv4+Ms91Kb3B3ZeUrN:htZQFwyg6b6/eMH9SCvlMvye

Score
10/10
guloaderdiscoverydownloaderpersistence

Malware Config

Targets

    • Target

      9ce158db3a35f68975710ad534de747c_JaffaCakes118

    • Size

      116KB

    • MD5

      9ce158db3a35f68975710ad534de747c

    • SHA1

      3bd2c5f7af8bd0686844c7e933994a926980d7b1

    • SHA256

      d4d30acde6fa4db431b90817911b44d21c65fc1fa72744625bccafe3899869bc

    • SHA512

      8b89fdab399a0ea02ecd4cbad69c570af4b16f826ecc0ca7c6bf81e48ec0651cd8694c9aa0526f1c1ea47f36fc9cecd2f990ae93378c9a2feca86963a2c51c5c

    • SSDEEP

      768:/pYYXgmJWdD+LirNYYLwIUkrQBFfG5Hdp6/UgejMHouSl4rv4+Ms91Kb3B3ZeUrN:htZQFwyg6b6/eMH9SCvlMvye

    Score
    10/10
    guloaderdiscoverydownloaderpersistence

    • Guloader family

      guloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Adds Run key to start application

      persistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks