General

  • Target

    JaffaCakes118_25c15c9681089beffc8e40612a9b1c257cb170c08946b2ff88f15a36de7848c2

  • Size

    289KB

  • Sample

    241224-s6jgya1mdk

  • MD5

    d4112dac20a6b5ca5a66ff55449a013e

  • SHA1

    33b12b928b00cd19bb7cbb40a7c00cbf2f7cff21

  • SHA256

    25c15c9681089beffc8e40612a9b1c257cb170c08946b2ff88f15a36de7848c2

  • SHA512

    2fa5b5ab8840fc0aec45b30c47b360b4a1897ac169b1df4f2b21e3ba744a21b7dee9865da88821fdf32012d475157891c320b73d3818fc6e6551d8a1a726d938

  • SSDEEP

    6144:TBhlmHQzMrbyHxcsA6JvQ5gu28UlKhWEu0xxPqVI1kY57I0ioQYuYy7:XwPALJC6lKMIqVaVribYu/7

Malware Config

Targets

    • Target

      5dd0b3b36f6e543617bd5d1c7f45ec56406ab95d585cbcfea73a7a0877f8c890

    • Size

      307KB

    • MD5

      63532a519bd02c6aae21d1af04c8d91f

    • SHA1

      9f4593a6241658698f6aa84fe2f590ccecc21f28

    • SHA256

      5dd0b3b36f6e543617bd5d1c7f45ec56406ab95d585cbcfea73a7a0877f8c890

    • SHA512

      7d0dfc91e9d7f3747bbf137b1f0155a0068bbb39db4e8129f780a5e49cb9c23d3aad92c961609513c410f12207fbef41ec8dc0bf26fe2f4c9af6a93e5cf33e1b

    • SSDEEP

      6144:E1ssjH3zJkAD54sRVruVPYQcBHy5aFKJz5thM7O8LY1gPfxVJMyF:5sjD19FCmLlKFvhM7bf/

    • Guloader family

    • Guloader, Cloudeye

      A shellcode based downloader first seen in 2020.

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      792b6f86e296d3904285b2bf67ccd7e0

    • SHA1

      966b16f84697552747e0ddd19a4ba8ab5083af31

    • SHA256

      c7a20bcaa0197aedddc8e4797bbb33fdf70d980f5e83c203d148121c2106d917

    • SHA512

      97edc3410b88ca31abc0af0324258d2b59127047810947d0fb5e7e12957db34d206ffd70a0456add3a26b0546643ff0234124b08423c2c9ffe9bdec6eb210f2c

    • SSDEEP

      192:rFiQJ771Jt17C8F1A5xjGNNvgFOiLb7lrT/L93:X71Jt48F2eNvgFF/L

    • Score

      3/10

    • Target

      IISCrypto.exe

    • Size

      341KB

    • MD5

      4fcde9159e5a68e0177590eaeee3d5c5

    • SHA1

      23794916aafc1c4af327dccb58a51a29825a929a

    • SHA256

      79b17ab2679d64212710a456a5c1713ff265949b40518f67e61a68d29c521e76

    • SHA512

      c704ca413f9874fa0b289e5cd1c50af0bb35c0768a087761c45c396dfa288d99d95902a02f12be8b177acf5eea59aeb7858fc65f4a8a3f02883052b39839bc20

    • SSDEEP

      6144:zZ23NbztYTCs7HGCut28q2AsXeg17e/fZ8h4ZxANdmt+jRd5h2rKsREF:zZ23NbzIHTNK4GfRd5h2Gn

    • Score

      1/10

    • Target

      Microsoft.WindowsAPICodePack.dll

    • Size

      103KB

    • MD5

      56e013e924822c9d02329b15b03ede73

    • SHA1

      085dacfcd1ffa398b795d096833d16367b0d2886

    • SHA256

      7b88388b8367f0d873d0e3b66f533869c24e346fb6f0b2c6c783f931cc9a1631

    • SHA512

      ea0020ee32e0c7e7323f5858a462bf762f65013509012147430f0d8f665eb86f534d2491ca9f737c15bf6f995a8d3e0172537129a0dc8628cf7bf0d0f48457d1

    • SSDEEP

      3072:YfBa6TWUNuRhicznzcSZRazyDG43vjyMcnFliz:dUNuZjAI+mvuM

    • Score

      1/10

MITRE ATT&CK Enterprise v15

Tasks