General

  • Target

    JaffaCakes118_2153b8af04a231529dc2c1ec72a8535c9994b16db53fcdd8b58944b066dcc741

  • Size

    71KB

  • Sample

    241223-ssddrstjdt

  • MD5

    4d3461bb5ec13ac7432dd5419c903925

  • SHA1

    535a4b96a1267872df0bdeaa3169b3d09fce8ed2

  • SHA256

    2153b8af04a231529dc2c1ec72a8535c9994b16db53fcdd8b58944b066dcc741

  • SHA512

    344be55a8b132e9c0796ce01570c2d76921ca4e08e0a665a1057fbc9b0c348cd19eded86fc0532a3367e6375e911db55a9efaf64eb977cede884ed976526f90b

  • SSDEEP

    1536:kJa807nQ1X0jm9Xti+ZUXu8zVTEaWklMyvem2DvcCxYz9EilL6:kJZE1MRZc5tE0lMy4DvBx09Ed

Malware Config

Targets

    • Target

      bc17992fdb1d5f78b149ade199607473293b684eb42827a33c992f2a86a39708

    • Size

      269KB

    • MD5

      0687d2967a7544a70b1af7b740af40e6

    • SHA1

      76a18314d3e7005aca19ef36174b93264d35e421

    • SHA256

      bc17992fdb1d5f78b149ade199607473293b684eb42827a33c992f2a86a39708

    • SHA512

      432119a174bb8aac27b4edfb99f7dd98fafea7e1e72ab1d1136c0f6202452d9efed20be5777300ecd194314a889ea3195a338c46544ad3e39f61b0ad4dd5876f

    • SSDEEP

      6144:oAVTvYW68CrncZaofffffffffffffffffffffffffffffffffffffffffffff2fR:oANE8CrcZU

    • Guloader family

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Adds Run key to start application

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
