General

  • Target

    af533ffcb3bdce014ddf8e991ddc0dce_JaffaCakes118

  • Size

    152KB

  • Sample

    241129-gpk4nazjcv

  • MD5

    af533ffcb3bdce014ddf8e991ddc0dce

  • SHA1

    407327255cd3db231a33de98d62baae2e5c31a99

  • SHA256

    9bdb2adacff9530fde8a0b020e84188b0b39995db62ba167608d8e2493bd3ee4

  • SHA512

    0aab3fca4a9580f0d72fbc94ad5efd395622a4717a17969e194141bfbff76d6c1e2ee2768da7f4e928b283ac5cad71c82a9adc5200a228374872f63d8079e92a

  • SSDEEP

    3072:yxEJpxEqxE2wz/IqR3eQBtCkOlRrw9xEAxEKxEJ:IEJ7EAE2cNRuQBA6EmEgEJ

Malware Config

Targets

    • Guloader family

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks