Overview

overview

10

Static

static

3

be0ae58568...18.exe

windows7-x64

10

be0ae58568...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    be0ae58568db82432c545fa19c81865c_JaffaCakes118

  • Size

    216KB

  • Sample

    241203-sx2xxs1ldw

  • MD5

    be0ae58568db82432c545fa19c81865c

  • SHA1

    c6b80fc312b7ff025058d8135c42e1064dbe538e

  • SHA256

    d208ffc2564354ae38ff1792f4b16148f4ba4507e57cea27e8146625fd12262b

  • SHA512

    c68423787e0e352ecef928e06536b9011b9240e350207045503a8a3647dad3469a2177cb112e90444c5b7ebc70150b413aca712d7998f0ed1213cea24cd81e83

  • SSDEEP

    1536:smy+RPPDkZFW4HDM3w35zizADhqPJdAnTwXx9CQzi3Oxu5A8C0LSlE:y+BkZFWq5ziCsKCieE5LC0LSS

Score
10/10
guloaderdiscoverydownloaderpersistence

Malware Config

Targets

    • Target

      be0ae58568db82432c545fa19c81865c_JaffaCakes118

    • Size

      216KB

    • MD5

      be0ae58568db82432c545fa19c81865c

    • SHA1

      c6b80fc312b7ff025058d8135c42e1064dbe538e

    • SHA256

      d208ffc2564354ae38ff1792f4b16148f4ba4507e57cea27e8146625fd12262b

    • SHA512

      c68423787e0e352ecef928e06536b9011b9240e350207045503a8a3647dad3469a2177cb112e90444c5b7ebc70150b413aca712d7998f0ed1213cea24cd81e83

    • SSDEEP

      1536:smy+RPPDkZFW4HDM3w35zizADhqPJdAnTwXx9CQzi3Oxu5A8C0LSlE:y+BkZFWq5ziCsKCieE5LC0LSS

    Score
    10/10
    guloaderdiscoverydownloaderpersistence

    • Guloader family

      guloader

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Adds Run key to start application

      persistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks