General

  • Target

    JaffaCakes118_f043b2f3b8dcfa78d6354e6b46e37facf7ea340c2a729e7215065fb86d47b935

  • Size

    590KB

  • Sample

    241224-leldwstnds

  • MD5

    d77e28e73c4406d6d74f3e3d4eeeee19

  • SHA1

    26ab5795f56b7f070e27d5fa34877c219822d9a8

  • SHA256

    f043b2f3b8dcfa78d6354e6b46e37facf7ea340c2a729e7215065fb86d47b935

  • SHA512

    841896a955966a336929e3008b63309930bc1f7fd9e4c54521e88730140d806e0f2097d5cb3896d800b39b99c8d96c7be541fabba36cc36093820f6256aa4a78

  • SSDEEP

    12288:yAuJBrsJdj2FE8aMxFENytgrFcGRNYsUGLm2EZHXPCfebBh9z6cqKNY:RuJBrsJdjx8HE15E7ntPCk9z6gNY

Malware Config

Targets

    • Target

      SKMBT 11021882377 Ref 19072022.bin

    • Size

      620KB

    • MD5

      34f9d4691898da41794bdaa6f6f59dde

    • SHA1

      3bf8ff97eef6b32d1f31dd44bf0d5e10295e7bfd

    • SHA256

      fd976513c52e2bc49687596d2a2515b04835adad2be24c8b6a1d6477aafa0385

    • SHA512

      d26e73f258d0f83641664cfdea15b5607b290a13e34a82faa1c6d850bf869c1a6eb19b0907096a1e63339723be6c34b78e96964aa6810f54e4ead07b39565acc

    • SSDEEP

      12288:JQ1wsl0r73yETBYodtmjoR57BXJeJdpRa24E0gMBcD26cmQLkvtjqJp:JQ1wsM7TuOtJ5x07RqGD26cjsjWp

    • Guloader family

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Target

      $PLUGINSDIR/Math.dll

    • Size

      66KB

    • MD5

      70ba99745542354a2efcb1c2f167b62b

    • SHA1

      8b18bc8d3e6e52222baef7ab7ab125436ef5c966

    • SHA256

      711427242bff919c78fbba2b298b5d5898f75d73f1d7f4c4eb22badf525864a5

    • SHA512

      e3504a8d8d2b8793078f6a1f6297fb4c017eaee58360882ea063ab717d11841f2effcec1ba6fada449d1cc491dea35c9a9512237fcdfaf6b55f70f95e9a4d085

    • SSDEEP

      1536:LP4nWYcvlq0oam+2MwRmbeqFVybIZlITtOvR:Lw6q05oQytS

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      792b6f86e296d3904285b2bf67ccd7e0

    • SHA1

      966b16f84697552747e0ddd19a4ba8ab5083af31

    • SHA256

      c7a20bcaa0197aedddc8e4797bbb33fdf70d980f5e83c203d148121c2106d917

    • SHA512

      97edc3410b88ca31abc0af0324258d2b59127047810947d0fb5e7e12957db34d206ffd70a0456add3a26b0546643ff0234124b08423c2c9ffe9bdec6eb210f2c

    • SSDEEP

      192:rFiQJ771Jt17C8F1A5xjGNNvgFOiLb7lrT/L93:X71Jt48F2eNvgFF/L

    Score
    3/10
    • Target

      Gourmet/Tjah/Brittly/Garnene/SharpDX.dll

    • Size

      408KB

    • MD5

      e1db8c04daacaafd839227dbcc339df5

    • SHA1

      5df2160f7860b4a1067333b36109bea32cef2603

    • SHA256

      850f7e8202de8085298a857a81ec90aeb902488ddce5dc43b34d549491a166fb

    • SHA512

      a2ba14bf1cddbc891dbca9955a956b1f5950a24acc94fed78a1bddddf767b12df341196bc2fb38a0c648486a1a1b7386a5c4e8627b05b2138c07e22893da6497

    • SSDEEP

      6144:R8HBmZAY2kcxWFx0WZGVqWeiqL5/DxR3qGKsMzqFnCFM94uxi5ueCnG:3ZexWereiO5jKXI4uSA

    Score
    1/10
    • Target

      libpixbufloader-ani.dll

    • Size

      24KB

    • MD5

      67c73605a26b7e9cd7329175001b5cd9

    • SHA1

      79589dfe07b3a1c132e6d4cea61e9f31df7d20fb

    • SHA256

      91174b53de80bdf5b5f8124f07da124cabab1fac1b30edff81a7b85d352d5c9d

    • SHA512

      1f51ec4ce75f0b94ff649d1b494a557b202638bb674887a505fdf4e6dac4a00c73511998ede2b247c9493d7bc3244b77cd8ba8dfab4feb016c830f47c4028ab1

    • SSDEEP

      384:Fy59al8ZBMctfYsy0ni9z9YzmJOs4kPccFhZgkTrZbyqWhnqy:FI9tZBltAs7iz9YCJ/FPVZzghqy

    Score
    1/10
    • Target

      paginathing.js

    • Size

      7KB

    • MD5

      ed88923f8d4b27057840e66d1ee80d6a

    • SHA1

      c06309da9e18e7267367c9263ff56decd0765fd0

    • SHA256

      81a4d5deef417694d1943bd3a75ffcd7d3b1b01a5e8af8e3e57071ac7feedb52

    • SHA512

      8ca598e760d09e871ad5bd19b274640d0e1a797210f05e0fbae3ed199ce94633053ad1cdff33e4d1dc412fe79ff4326bcbbc79c7e8fd1c6047ee2e0470108f6f

    • SSDEEP

      192:nRQHR+qLVa4CJJAbHjTiNJGSkNij3B0we7Lrh:REPstJmHjTjNgxyt

    Score
    3/10
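The per-file blocks above are what an analyst actually pivots on: the SHA256 of each dropped file goes into an EDR or inventory hash search, the behaviour bullets say which file carried the GuLoader verdict, and the digests let you confirm that a sample pulled from a mailbox or share is the one the sandbox saw. The block below is an added example, not code from the sandbox vendor or from this page: it parses the report's plain-text layout (a "• Field" bullet followed by its value on the next non-empty line, bare bullets for behaviour signatures, and a "Score" line followed by "n/10"), sanity-checks the digest fields, and verifies a local file against a record. `SAMPLE_REPORT` is a constructed excerpt built from two of the records above; the function names and the record layout are this example's own choices.

```python
"""Parse a plain-text sandbox report of the form shown above into per-file
records, check the digest fields, and verify a local sample against a record.
Added example; not the sandbox vendor's code.
"""
import hashlib
import re

# Bullets whose value sits on the next non-empty line. Any other bullet under a
# target (e.g. "Loads dropped DLL") is treated as a behaviour signature.
VALUE_FIELDS = {"Target", "Size", "Sample", "MD5", "SHA1", "SHA256", "SHA512", "SSDEEP"}
HEX_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}

# Constructed excerpt: two records from the report above, in its layout
# (the rendered page also has blank lines between field and value; they are skipped).
SAMPLE_REPORT = """\
Targets

    • Target
      SKMBT 11021882377 Ref 19072022.bin
    • Size
      620KB
    • MD5
      34f9d4691898da41794bdaa6f6f59dde
    • SHA256
      fd976513c52e2bc49687596d2a2515b04835adad2be24c8b6a1d6477aafa0385
    • Guloader family
    • Loads dropped DLL
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software on the system.
    • Target
      $PLUGINSDIR/System.dll
    • Size
      12KB
    • MD5
      792b6f86e296d3904285b2bf67ccd7e0
    • SHA256
      c7a20bcaa0197aedddc8e4797bbb33fdf70d980f5e83c203d148121c2106d917
    Score
    3/10
"""


def _next_value(lines, i):
    """Return (value, index) of the first non-empty line after position i."""
    j = i + 1
    while j < len(lines) and not lines[j].strip():
        j += 1
    return (lines[j].strip() if j < len(lines) else ""), j


def parse_report(text):
    """Return one dict per '• Target' block: fields, signatures and score."""
    lines = text.splitlines()
    records, cur, i = [], None, 0
    while i < len(lines):
        line = lines[i].strip()
        if line.startswith("•"):
            key = line[1:].strip()
            if key in VALUE_FIELDS:
                value, i = _next_value(lines, i)
                if key == "Target":
                    cur = {"target": value, "signatures": [], "score": None}
                    records.append(cur)
                elif cur is not None:
                    cur[key.lower()] = value
            elif cur is not None:
                # Signature bullet; the description line beneath it is ignored.
                cur["signatures"].append(key)
        elif line == "Score" and cur is not None:
            cur["score"], i = _next_value(lines, i)
        i += 1
    return records


def validate(record):
    """Names of digest fields that are not lowercase hex of the right length."""
    problems = []
    for field, length in HEX_LENGTHS.items():
        value = record.get(field)
        if value is not None and not re.fullmatch(r"[0-9a-f]{%d}" % length, value):
            problems.append(field)
    return problems


def sha256_set(records):
    """The SHA256 values to feed to a hash search; records without one are skipped."""
    return {r["sha256"] for r in records if "sha256" in r}


def digests(data):
    """Digests of a local sample, keyed like the report's fields."""
    return {name: hashlib.new(name, data).hexdigest() for name in HEX_LENGTHS}


def matches(data, record):
    """Per-field comparison of a local sample against a record; fields the
    record lacks (a SHA256-only IOC, say) are simply not checked."""
    actual = digests(data)
    return {f: actual[f] == record[f] for f in HEX_LENGTHS if f in record}


if __name__ == "__main__":
    for r in parse_report(SAMPLE_REPORT):
        print(r["target"], r.get("sha256"), r["score"], r["signatures"], validate(r) or "ok")
```

Two things worth keeping in mind when hunting on these values: the submitted file (590KB, SHA256 f043...) and the `SKMBT ... .bin` it contains (620KB, SHA256 fd97...) are different objects, so search on both; and the two `$PLUGINSDIR` entries are the stock NSIS `System.dll` and `Math.dll` plug-ins, which is why they score 3/10 on their own and why a hit on them alone is not evidence of this family.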

MITRE ATT&CK Enterprise v15

Tasks